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Talk  about  a  stress  test 

CCIE  lab  exam  brings  even  the  best  to  their  knees. 
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Will  major  vendors 
dilute  open  source? 


BY  ELLEN  MESSMER 

SAN  JOSE  —  While 
Microsoft  and  Cisco  con¬ 
tinue  the  hard  sell  on  their 
respective  visions  for  quar¬ 
antine-based  endpoint 
security  customers  and  in¬ 
dustry  experts  are  asking 
hard  questions  about  cost, 
complexity  and  the  will¬ 
ingness  of  these  industry 
giants  to  work  together. 

The  dual  dynamics  were 
on  display  at  last  week’s 
RSA  Conference  2006, 
where  Microsoft  Chief  Soft¬ 
ware  Architect  Bill  Gates 
and  Cisco  CEO  John 
Chambers  each  used  the 
term  “ecosphere”  in 
describing  the  need  to 
See  RSA,  page  12 


BY  CAROLYN  DUFFY  MARSAN 

Anthony  Sequeira  knows  a  little  about  stress.The  35-year-old 
network  instructor  from  Tampa,  Fla.,  once  purposely  stalled 
a  single-engine  plane  and  sent  it  into  a  tailspin  five  times 
in  a  row  as  part  of  his  efforts  to  earn  his  pilot’s  license.  He’s 
also  a  world-class  poker  player.  But  nothing  in  his  thrill¬ 
seeking  exploits  prepared  him  for  the  pressure  of  tak¬ 
ing  the  Cisco  Certified  Internetworking  Expert 
(CCIE)  lab  exam. 

The  CCIE  exam  is  “absolutely  more 
stressful  than  doing  loop-de-loops 
in  a  plane,”  Sequeira  says. 

“With  piloting, you  conquer 
fear  by  eliminating  the 
unknowns.The  fear  of  the 
unknown  is  what  you  consistently 
face  in  the  CClE.They  could  throw  a 
topic  at  you  that  you  have  no  experi¬ 
ence  with. They  did  it  to  me  all  five 

See  CCIE,  page  66 


DAN  VASCONCELLOS 


BY  JENNIFER  MEARS 
AND  ANN  BEDNARZ 

Commercial  software  giants  such 
as  Oracle  and  IBM  are  moving 
deeper  into  and  changing  the  face 
of  the  open  source  community  by 
snapping  up  start-ups. 

Though  arguably  in  its  early 
stages,  the  trend  is  accelerating 
(see  graphic,  page  67).  Last  week 
Oracle  announced  it  would  buy 
open  source  database  vendor 
Sleepycat  Software,  and  rumors 
continue  to  swirl  about  its  interest 
in  JBoss,  one  of  the  leading  open 
source  application  server  firms.  Last 
year  IBM  bought  open  source  infra¬ 
structure  company  Gluecode  Soft¬ 
ware,  and  Check  Point  Software  is 
finalizing  its  purchase  of  Snort-cre¬ 
ator  Sourcefire.  At  the  same  time, 
commercial  vendors  are  beginning 


to  offer  versions  of  their  proprietary 
products  for  free  and  are  contribut¬ 
ing  proprietary  code  to  the  open 
source  community  hoping  to  make 
money  on  services  and  support. 

Still,  there  are  concerns  as  com¬ 
mercial  vendors  ingest  the  compa¬ 
nies  that  were  the  first  to  make  this 
business  model  work.  At  risk  is  the 
loss  of  user  access  to  key  application 
development  personnel  —  a  hall¬ 
mark  of  open  source  projects  —  and 
the  potential  departure  of  critical 
project  stewards. 

“I  believe  what  will  really  deter¬ 
mine  the  success  or  failure  of  com¬ 
mercial  firms  purchasing  open 
source  vendors  is  the  extent  to 
which  they  can  keep  the  key  devel¬ 
opers,”  says  Barry  Strasnick,  CIO  at 
CitiStreet,  a  benefits  management 
See  Open  source,  page  67 


Health  net  gets  a  checkup 


BY  DENI  CONNOR 

SAN  DIEGO  —  Amid  privacy, 
security  and  technology  con¬ 
cerns,  healthcare  IT  professionals 
got  a  progress  report  on  the  sta¬ 
tus  of  the  Nationwide  Health  In¬ 
formation  Network,  a  project  that 
seeks  to  improve  patient  care 
and  reduce  medical  errors  in  im¬ 


plementing  electronic  health 
record  systems. 

At  the  Health  Information  Man¬ 
agement  and  Systems  Society 
(HIMSS)  show  in  San  Diego  last 
week,  25,100  IT  managers  and 
CIOs  listened  as  a  number  of 
speakers,  including  Dr.  David 
Brailer,  national  coordinator  for 


Health  Information  Technology 
for  the  Department  of  Health  and 
Human  Services,  described  their 
visions  of  such  a  network,  the 
current  barriers  to  adoption  and 
the  progress  being  made. 

In  April  2004,  President  Bush 
charged  the  IT  industry  to  build  a 
system  that  would  provide  every 
U.S.  citizen  by  2014  with  an  elec¬ 
tronic  health  record  (EHR)  that 
could  be  accessed  from  any 
location.  He  appointed  Brailer  to 
coordinate  this  effort  and  estab¬ 
lish  the  NHIN. 

Last  December,  Brailer’s  office 
awarded  $18.6  million  in  con¬ 
tracts  to  four  consortia  led  by 
Accenture,  Computer  Science 

See  Health,  page  10 


Partners  Healthcare  is  using  videoconferencing  to  h'e*lp  roakq 
critical,  real-time  medical  decisions.  In  this  example*;, 


Schwamm  in  Boston  is  deciding  how  to  treat  a)S;^|&;^"c't4m 
at  a  remote  hospital.  Page  53. 
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Running  on  Microsoft  SQL  Server  2005. 
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Jettainer  manages  shipping  containers  for  Lufthansa  and  US  Airways  on  3,000 
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GATEWAY  UNDERSTANDS  YOUR  ORGANIZATION'S  NEEDS,  in  this  day  and  age  of 

dwindling  budgets  and  tight  deadlines,  you  can't  afford  technology  that  doesn't 
keep  up.  So  how  about  an  E-9415R  server  that  packs  3  SCSI  hard  drives  into  a  1U 
space?  Or  one  with  RAID  5  and  a  redundant  power  supply  that  keeps  your  data 
safe?  Or  even  one  of  the  best  money-back  guarantees  in  the  industry?  The  editors 
of  InfoWorld  praised  its  value  and  performance,  stating,  "Overall,  the  941 5  is  a  good 
value.  It  is  easy  to  order  in  various  configurations  through  the  Gateway  web  site  and 
offers  excellent  performance."  But  don't  just  take  their  word  for  it.  See  for  yourself 
how  Gateway  delivers  more. 

TO  LEARN  MORE  CALL  1-866-531-8297  OR  VISIT  Gateway.com 
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GATEWAY®  E-9415R  SERVER  -  Supporting  single-core  or  Dual-Core  Intel®  Xeon  Processors  •  Microsoft®  Server  2003 
Operating  Systems  •  3  Hot  Swap  SATA  or  SCSI  Drive  Bays  with  RAID  5  Capability  (up  to  1 .5TB  of  Storage1) 
•  Integrated  Intel®  Dual  10/100/1000  (Gigabit)  Ethernet  •  Hot-swap  Redundant  Power  Supplies  •  3-to 
5-Year  Parts  and  Limited  Warranty  with  3-Year  On-Site-Service2  •  90-day  Limited  Money-Back  Guarantee3 
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8  Cisco  CIO  takes  wireless  industry  to  task. 

8  Google,  BearingPoint  form  alliance  to  put  support 
behind  enterprise  search. 

8  Network  security  is  the  key  to  keeping  VoIP  secure. 

10  Spending  survey:  Telecom  is  over  the  hump. 

12  Business  should  pay  more  attention  to  software  security. 
14  Microsoft  to  pack  ID  technology  in  Active  Directory. 

14  Microsoft's  Office  2007  includes  new  twists. 

16  Analysts:  Juniper  could  do  better. 

16  Switch  vendors  prioritize  blades,  deemphasize  servers. 
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17  Security  issues  debated. 
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18  Kevin  Tolly:  Space  invaders:  You 
and  WIPS. 
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support. 
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24  Johna  Till  Johnson:  Tackling 
telecom  policy. 

24  Gingular  touts  upgrades  to 
wireless. 


Technology  Update 

25  Multithreading  weaves  its  way 
into  networks. 

25  Steve  Blass:  Ask  Dr.  Internet. 

26  Mark  Gibbs:  Sound  advice  from 
Acid  Pro. 
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Opinions 

28  On  Technology:  Security:  Lots 
more  work  to  do. 

29  Ken  Presti:  Enter  the  age  of 
the  warm,  fuzzy  IT  integrator. 

29  Howard  Anderson:  China, 
Incorporated. 

68  BackSpin:  Demo  and  the  Next 
Big  Things. 
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A  dose  of 
telemedicine 
saves  lives, 
cuts  costs 

Partners  Healthcare  has  deployed  telemedicine 
applications  that  extend  treatment  to  home- 
bound  patients,  such  as  Carolyn  Thornton,  who 
transmits  daily  blood  pressure  readings  from 
her  suburban  home  to  cardiac  nurses  in  Boston. 
Page  53. 

Clear  Choice  Test: 
VoIP  over  SSL  VPN 
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The  Dm  Bala  tabr  concept  has  matured  grafy  since  we  began 
Investigating  kttne  years  ago.  In  tWs  issue,  the  first  of  our  2006 
six-part  series,  we  reflect  on  best  practices,  login  after  page  36. 


After  testing  10  SSL  VPN  prod¬ 
ucts  to  determine  how  well  they 
handle  voice  traffic,  we  can 
report  that  the  news  is  gener¬ 
ally  good.  In  fact,  in  some  scenarios  voice  quality 
can  actually  improve  by  using  SSL  VPN  links. 

Page  56. 
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Get  your  WAN  application  acceler¬ 
ation  questions  answered. 

Next  week  is  our  online  discussion  on 
different  ways  to  accelerate  applica¬ 
tions  across  the  WAN.  Get  detailed 
technical  answers  from  experts  at 
Cisco,  Silver  Peak,  racketeer  and 
Citrix.  Get  a  head  start:  Submit  your 
questions  now  —  mail  them  to 
agaffin@nww.com.  Well  also  have  a 
library  of  papers  for  you  to  browse. 

Complete  RSA  Conference  coverage 

If  you  missed  the  show  —  or 
even  if  you  were  there,  we've  put 


together  a  page  linking  you  to  all 
the  news  from  the  security 
conference, 

DocFinder:  2247 

What  part  of  “competition"  does 
Comcast  not  understand? 

Network  World  Editorial  Director 
John  Gallant  sits  on  his  town's 
cable  advisory  committee.  He  can¬ 
not  believe  that  Comcast  raised 
local  rates  just  as  the  town  is 
negotiating  with  Verizon  to  allow  a 
competing  service  that  would  cost 
less  DocFinder:  2248 


Online  help  and  advice 


Mystery  bandwidth  use 

Help  desk  guru  Ron  Nutter  helps  a 
user  figure  out  what's  eating  up  so 
much  bandwidth  on  his  network. 

DocFinder:  2249 

CMDB  in  the  real  world 

Dennis  Drogseth,  vice  president  of 
Enterprise  Management  Associates, 
discusses  ITIL's  Configuration 
Management  Database. 

DocFinder:  2250 

Got  a  question? 

Post  it  in  our  forums  and  get  help. 


We've  got  all  the  key  enterprise  top¬ 
ics  covered.  Free  registration  is 
required.  DocFinder:  2252 

How  do  you  define  the  data  center? 

Nementes  Research  Analyst  Andreas 
Antonopoulos  tries  to  answer  the 
question. 

DocFinder:  2251 

An  alternative  to  Java 

Columnist  Mark  Gibbs  takes  a  look 
at  AotiveGrld,  a  development  suite 
that  relies  on  PHP  and  Python. 

DocFinder:  2262 


Seminars  and  events 

New  IT  Road  map  event 

A  full  day  of  six  fast  tracks  at  IT  Road  map.  Forty  enterprise  all-stars, 
analysts  and  vendors  provide  new  technology,  smart  solutions  and  on- 
point  expertise.  Qualify  to  attend  free  in  Boston,  Chicago,  Dallas  and  the 
Bay  Area. 

DocFinder:  2253 
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Go  online  for  breaking  news  every  day.  DocFinder  1001 

Free  e-mai  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder  1002 

What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 
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Bill  would  ban  U.S.  servers  in  China 

■  A  U.S.  lawmaker  last  week  introduced  legislation  that  would  bar  US.  Internet 
companies  from  locating  Web  servers  inside  Internet-restricting  countries  such  as 
China  and  Vietnam,  with  prison  sentences  for  those  who  don’t 
comply  Rep.  Christopher  Smith  s  (R-N.J.)  bill,  called  the 
Global  Online  Freedom  Act,  also  would  prohibit  U.S. 
search  engine  companies  from  altering  the  results  of 
searches  in  countries  such  as  China,  and  would  pro¬ 
hibit  U.S.  Internet  companies  from  giving  personally 
identifiable  customer  information  to  the  govern¬ 
ments  of  Internet-restricting  countries,  except  for  legit¬ 
imate  law  enforcement  requests  reviewed  by  the 
Department  of  Justice. 


NOAH  Z.  JONES 


IBM  preps  patches  for  flaw 

■  IBM  is  working  on  developing  and  distributing 
fixes  to  a  vulnerability  detected  in  IBM  Tivoli 
Directory  Server  6.x  that  could  leave  the  software 
exposed  to  denial-of-service  attacks.  According  to 
IBM, Tivoli  Directory  Server  6.x  provides  a  Lightweight 
Directory  Access  Protocol  identity  infrastructure  that 
can  serve  as  the  foundation  for  deploying  identity 
management  applications  and  Web  services.  The 
flaw,  detected  last  week,  was  deemed  less  critical  by 
Secunia  Research,  which  reported  the  vulnerability 
in  a  security  advisory. The  vulnerability  has  been  dis¬ 
covered  in  Version  6  of  the  software,  and  the  Web  site 
indicates  other  versions  could  be  affected.  According 
to  the  Secunia  security  advisory,  the  vulnerability  is 
caused  by  an  error  within  the  LDAP  server  when 
handling  certain  requests,  and  “this  can  be  exploited 
to  crash  the  server  via  specially  crafted  requests  sent 
to  Pbrt  389/tcp.”  The  error  can  cause  the  server  to 
crash  because  of  a  DoS  attack  committed  on  the 
local  network,  but  security  experts  say  the  threat  is 
minimal. 

DHS  warns  of  rootkit  crackdown 

8  A  U.S.  Department  of  Homeland  Security  official 
warned  last  week  that  if  software  distributors  contin¬ 
ue  to  sell  products  with  dangerous  rootkit  software,  as 
Sony  BMG  Music  Entertainment  recently  did,  legisla- 


{ 


quote  o 

quote  o 

quote  o 


the  wee 

e  weel 

le  weel 


th 


t 


“The  cleverest  way  to  solve  a 
security  problem  is  to  make  it 
not  yours." 

CTO  Bruce  Schneier,  Counterpane  CTO,  during  his  RSA  session 
on  the  economics  of  security. 

The  blog  can  be  found  at  www.nww.com,  DocFinder:  2244. 

tion  or  regulation  could  follow.  “We  need  to  think 
about  how  that  situation  could  have  been  avoided  in 
the  first  place,” said  Jonathan  Frenkel,  director  of  law 
enforcement  policy  with  the  DHS’  Border  and 
Transportation  Security  Directorate,  who  was  speak¬ 
ing  at  RSA  Conference  2006  in  San  Jose.  Last  year, 
Sony  distributed  Extended  Copy  Protection  software 
in  some  of  its  products.  This  digital  rights  manage¬ 
ment  software,  which  used  rootkit  cloaking  tech¬ 
niques  normally  employed  by  hackers,  was  found  to 
be  a  security  risk,  and  Sony  was  forced  to  recall  mil¬ 
lions  of  CDs. 

Apple  has  a  worm  in  MacOS  X 

■  A  worm  that  affects  computers  running  Apple’s 


7  don ’t  care  what  anyone  says,  Laser- 
Disc  is  still  cool!” 


This  week's  Layer  8  caption  winner  by  Chad  Freiling  makes  us 
laugh  because  it  reminds  us  of  our  days  working  in  the  Sight 
&  Sounds  department  of  Service  Merchandise  in  the  early 
1990s  when  Laser  Discs  really  were  cool.  See  other  entries 
at  www.nww.com,  DocFinder.  2245 


TheGoodTheBadTheUgly 

Ballmer  shows  the  love.  Speaking  at  last  weeks 
3GSM  World  Congress  in  Spain,  Microsoft  CEO  Steve  Ballmer  got  the 
crowd  feeling  warm  and  fuzzy  with  these  sentiments:  "I'm  a  guy  some 
of  you  have  probably  seen  on  the  Internet  yelling  how  much  I  love 
Microsoft.  So  my  theme  on  this  today  is  —  I  love  the  mobile  industry 
and  I  love  our  operator  partners.” 

Boring  patches.  What's  the  industry  coming 
to  when  you  can't  get  a  little  excitement  from  Microsoft's 
Patch  Tuesday,  the  company’s  monthly  release  of  soft¬ 
ware  fixes?  Microsoft  last  week  issued  seven  patches, 
including  fixes  for  critical  security  flaws  in  Internet 
Explorer  and  Windows  Media  Player.  "These  are  seven 
of  the  most  boring  patches  I've  ever  seen,"  said  Russ 
Cooper,  senior  information  security  analyst  at  Cybertrust 
and  editor  of  the  NTBugtraq  mailing  list. 

<  Russian  pirates.  A  coalition  of  U.S.  trade  associations 
representing  copyright-based  industries  has  called  on  the  U.S.  govern- 
W  ment  to  recognize  serious  copyright  violations  in  Russia  and  to  desig¬ 
nate  the  country  for  possible  sanctions.  The  International  Intellectual 
Property  Alliance  cited  piracy  rates  of  85%  for  business  software, 
67%  for  records  and  music,  81%  for  motion  pictures  and  82%  for 
entertainment  software. 


MacOS  X  is  circulating  on  the  Internet,  according  to 
anti-virus  software  makers. The  worm,  Leap. A,  spreads 
through  the  iChat  instant  messaging  client  and  causes 
applications  to  run  improperly  according  to  warnings 
posted  on  the  sites  of  several  anti-virus  software  mak- 
ers.The  discovery  of  the  worm  is  noteworthy  because 
MacOS  X  is  generally  regarded  as  being  free  of  the 
many  viruses  and  worms  that  can  afflict  computers 
running  Microsoft’s  Windows  operating  system. 
However,  Leap. A  is  not  deemed  a  major  threat,  accord¬ 
ing  to  Symantec.  Leap. A  is  sent  from  one  computer  to 
another  as  an  attachment,  called  latestpics.gz,  to  an 
iChat  message.  The  worm  affects  computers  running 
MacOS  X  Version  10.4,  Symantec  says.  When  a  user 
saves  this  attachment  and  clicks  on  it,  a  file  called  lat- 
estpics  is  created. 

Amazon  to  take  on  iTunes 

■  Amazon.com  plans  to  launch  its  own  Internet 
music  service  to  rival  Apple’s  iTunes  Music  Store,  The 
Wall  Street  Journal  reported  last  week,  citing  uniden¬ 
tified  sources.  The  world’s  largest  online  retailer  also 
plans  to  sell  its  own  branded  portable  music  players, 
and  a  subscription  service  that  would  offer  deep  dis¬ 
counts  and  preloaded  songs  to  users  of  its  music 
players.  The  company  is  in  talks  with  four  global 
music  companies  about  a  digital  music  service  that 
could  be  launched  as  early  as  this  summer, according 
to  the  report. With  its  history  of  selling  CDs  online  and 
its  huge  customer  base,  Amazon  could  pose  a  formi¬ 
dable  threat  to  Apple’s  domination  of  the  online 
music  business.  Amazon  still  needs  to  sign  licensing 
agreements  with  the  four  music  companies:  EMI 
Group,  Sony  BMG,  Vivendi  Universal  SAs  Universal 
Music  Group  and  Warner  Music  Group. 


Sip  energy. 
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Server  Facts: 


Sun  Fire  Tiooo 

IBM  X366 

2x  THE  PERFORMANCE1 

3X  THE 

6 

CORES 

2 

l8x  MORE  COMPUTE  THREADS  PER  RACK 
960  |  52 

V3  THE  SIZE 

1U  |  3U 

V4  THE  POWER 
300  Watts 

CONSUMPTION 

1,300  Watts 

THE  RIGHT  ARCHIT 
WEB  AND  APPLICA 

ULTRASPARC' ,r 

ECTURE  FOR  YOUR 
TION  WORKLOADS 

Xeon 

V3THE 

$3,495 

:  PRICE 

$13,147 

The  Sun  Fire™  Tiooo  Solaris  server  with  CoolThreads" 
technology  delivers  18  times  more  compute  threads 
using  less  than  V4  the  power  consumption  of  Xeon. 

Introducing  the  world’s  first  eco-responsible  server.  Maximize  capacity 
with  dramatic  energy  efficiency  and  amazing  cost  savings.  Reduce  the 
number  of  servers  by  as  much  as  3  to  1.  And  with  2  times  the  performance 
for  web  tier  applications,  meet  the  increasing  demands  on  your 
network— all  while  looking  out  for  the  planet.  Visit  sun.com. 

♦ Sun  SOiariS  (share 

microsystems  I 


©  2005  Sun  Microsystems,  Inc.  All  rights  reserved. 

Base  Pricing  -  IBM  pricing  based  on  configuration  with  l  X  Dual  Core  Xeon  3.0GHz  processor  /  2GB  Memory  /  4  x  lGbE  ports  /lx  PSU  /  No  Disk  /  SUSE  LINUX  Enterprise  Server  9  1-16  CPUs  &  Support.  IBM.com  pricing  11/14/05  from  https:// 
www-i. ibm.com/products/hardware/configurator/na/ui/submitConfigSelection.wss?nc=H3i980889l46.  Sun  Fire  Tiooo  Solaris  Server  configuration  based  on  1  x  6  Core  UltraSPARC®  Ti  processor  at  1.0GHz  /  2GB  Memory  /  4  x  lGbE  ports 
/lx  PSU  /  No  Disk.  IBM  x366  product  specifications  from  brochure,  08/26/05:  http://www-l32.ibm.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogld  =  -840&storeld-l&langld=  i&dualCurrld=73&categoryld=258866o.  Power 
consumption  readings  come  from  rating  of  power  supplies.  Sun  Fire  Tiooo  Solaris  server  maximum  power  =  240  Watts.  Threads  per  rack  based  on  priced  configurations.  40  x  Sun  Fire  Tiooo  Solaris  Servers  delivering  24  threads  per  server 
being  installed  into  a  rack  with  40RU  of  usable  space.  13  x  IBM  X366  servers  can  be  installed  per  rack  with  40U  of  usable  space.  Each  server  configured  with  2  x  Xeon  cores,  with  each  core  delivering  2  threads  via  hyperthreading.  9.6  GHz 
represents  UltraSPARC®  Tl  processor  maximum  cumulative  GHz. 

‘Based  on  estimated  relative  webserving  performance. 
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Gisco  CIO  takes 
wireless  industry 
to  task 

BY  IDG  NEWS  SERVICE 

Despite  improvements  in  recent  years,  the  wireless  industry  has  done 
a  poor  job  of  giving  companies  the  tools  they  need  to  let  workers 
access  corporate  data  from  mobile  devices,  Cisco  CIO  Brad  Boston  said 
last  week  at  3GSM  World  Congress,  a  huge  mobile  and  wireless  event 
held  this  year  in  Barcelona,  Spain. 

Boston  said  he  was  amazed  as  he  walked  around  the  show  floor  to 
see  how  many  companies  are  focused  on  consumers  rather  than  the 
enterprise.  “There’s  a  lack  of  focus 
on  what  we  need,”  he  said  in  a 
speech. 

Boston  figures  that  Cisco  repre¬ 
sents  an  opportunity  for  the 
mobile  industry  to  sell  as  many  as 
40,000  devices.Yet  it’s  been  a  strug¬ 
gle  to  develop  a  mobile  program 
for  Cisco  employees,  he  said. 

He  began  planning  a  mobile 
strategy  a  few  years  ago  when  he 
found  there  were  about  12,000 
Palm-  and  Windows-based  devices 
being  used  by  Cisco  workers  and 
that  many  were  being  used  to 
access  corporate  data.  He  was 
concerned  that  a  lack  of  security  in  the  devices  could  let  Cisco  intel¬ 
lectual  property  leak  into  the  wrong  hands.To  regain  control,  his  team 
began  to  develop  a  program  to  support  the  mobile  devices. 

It  wasn’t  easy  Boston  found  there  was  no  single  place  to  buy  all  the 
software  he  needed,  and  his  team  had  to  cobble  together  components 
to  secure  and  manage  the  devices  and  enable  remote  access  to  cor¬ 
porate  data.“When  I  talk  to  my  peers,  they  all  have  the  same  problem,” 
he  said. 

Another  challenge  was  that  operators  like  to  customize  devices  with 
their  own  software  and  branding.  That  can  be  difficult  for  a  global 
company  such  as  Cisco,  which  would  have  to  test  its  corporate  soft¬ 
ware  on  a  device  that  may  be  sold  by  30  or  more  operators  around 
the  globe. 

Over  the  last  six  months,  Cisco  has  put  6,000  wireless  PDAs  in  the 
hands  of  workers  and  plans  to  increase  that  number  to  15,000  over  the 
next  six  months,  Boston  said. 

He  acknowledged  that  mobile  devices  are  improving  in  terms  of  their 
reliability  and  flexibility 

Vendors  at  the  event  strove  to  highlight  what  they  are  doing  to 
advance  mobile  products  and  services: 

•  Nokia  hinted  at  upcoming  VoIR camera  optical  zoom  and  WiMAX 
support  on  its  phones.The  company  said  it  will  release  phones  that  can 
work  with  cellular  networks  and  wireless  LANs  in  the  second  quarter. 

•  Broadcom  announced  processor  technology  it  said  could  enable 
mobile  networks  to  support  twice  as  many  calls  at  higher  quality 

•  Texas  Instruments  said  Global  System  for  Mobile  Communications 
handsets  could  cost  as  little  as  $20  by  year-end  because  of  its  new 
LoCosto  four-in-one  chip  technology 

•  Microsoft  aired  for  the  first  time  some  Windows  Live  for  Mobile  ser¬ 
vices,  including  search  technology  that  returns  results  relevant  to  a  par¬ 
ticular  location. 

•  Access,  which  recently  bought  PalmSource,  introduced  a  Linux 

-1  'tiating  system  for  smartphone  developers. 

■v  .vpe  announced  a  partnership  with  Hutchison  3G,a  provider  of  IP- 
t  r-  d  mobile  broadband  networks  in  Europe,  to  offer  what  could  be 
the  first  VoIP  service  for  mobile  phones.B 


Putting  up  big 
numbers 

The  3GSM  World  Congress 
says  50,000  people  converged 
on  the  event  in  Barcelona. 
Nearly  35,000  showed  the  first 
day,  which  is  more  than  the 
entire  show  last  year  in 
Cannes,  France.  The  show 
hosted  nearly  1,000  exhibitors, 
up  40%  from  a  year  ago. 


Google,  BearingPoint  team  to 
support  enterprise  search 


BY  JOHN  FONTANA 

Google  last  week  entered  into  its  first  partnership 
with  a  major  professional  services  firm  in  hopes  of 
attracting  vertical  industries  to  its  search  appliance 
with  support  and  customization  services. 

Google  is  aligning  with  systems  integrator 
BearingFbint,  which  will  launch  a  search  service  that 
uses  its  own  software  platform  and  Google’s  APIs  for 
integrating  the  Google  Search  Appliance  with 
diverse  corporate  data  stores. 

Google  is  trying  to  prove  it  has  what  it  takes  to  be 
an  enterprise  software  provider.  Google  Enterprise 
Professional  Program,  which  was  established  last 
September  to  help  users  deploy  the  Google  Search 
Appliance,  has  20  smaller  systems  integrator  and  pro¬ 
fessional  services  companies  in  the  United  States 
and  another  14  in  Europe  as  members. 

Enterprise  search  is  becoming  a  hot  topic.  1DC 
noted  in  a  recent  report  that  consumers  as  well  as 
enterprise  users  have  trouble  locating  information. 
Google,  which  dominates  the  consumer  end  of 
search  services,  is  pushing  deeper  into  an  enterprise 
market  in  which  established  enterprise  platform 
players  offer  a  broad  spectrum  of  search  functional¬ 
ity  along  with  gateways  or  connectors  to  third-party 
applications  including  Verity  Autonomy  Endeca,  Fast 
Search  &  Transfer  and  Convera. 

BearingPoint  will  provide  what  Google  doesn’t 
have  to  take  on  those  competitors.  It  is  the  largest 
service  firm  to  hook  up  with  Google  and  will  focus 
on  companies  in  pharmaceuticals,  banking,  broker¬ 
age,  high-tech  and  aerospace. 

“The  idea  is  we  sell  a  very  general-purpose  plat¬ 
form  for  search,” says  Dave  Girouard,  general  manag¬ 
er  for  Google  Enterprise. “The  needs  within  different 
vertical  industries  and  the  different  types  of  informa¬ 


tion  sources  they  need  to  access  vary  dramatically 
You  need  to  be  pretty  deep  into  those  industries  to 
have  hands-on  knowledge  of  all  those  data  sources. 
BearingFbint  will  scope  how  those  companies  can 
best  use  search  and  implement  a  customized  ver¬ 
sion  of  Google  Search  that  works  with  their  busi¬ 
ness.”  BearingFbint  plans  to  focus  on  customizing 
and  extending  search  services  to  specific  industry 
platforms  such  as  enterprise  content  management 
systems;  building  in  access  control  and  authentica¬ 
tion  integration  with  corporate  identity  management 
systems;  and  developing  interfaces  for  specific 
deployments  such  as  call  centers  or  research  labs. 

“We  have  a  search  extension  platform  that  we  are 
using  to  develop  the  extension  software,  adapters 
and  plug-ins  that  go  with  the  Google  appliance,”  says 
Chris  Weitz,  managing  director  of  BearingFbint. “The 
software  platform  is  external  to  the  Google  appli¬ 
ance  and  allows  for  this  extra  layer  of  customization.” 
BearingFbint  has  yet  to  name  the  platform,  but  Weitz 
says  it  runs  off  a  Linux  or  Solaris  box  and  includes 
software  that  talks  to  the  Google  Search  Appliance. 
The  BearingPoint  platform  supports  XML-based 
feeds  from  specific  third-party  systems,  and  aggre¬ 
gates  information  from  structured  and  unstructured 
data  stores. 

“The  idea  here  is  that  there  are  enterprise  applica¬ 
tions  that  are  enormous  and  you  do  not  want  to 
crawl  and  index  the  entire  thing,”Weitz  says. “Rather 
than  open  a  floodgate,  you  need  some  intelligence 
that  applies  some  logic  or  filtering  or  targeting  to  the 
data  source  so  that  you  can  get  what  you  need  with¬ 
out  overwhelming  the  search  engine.” 

Weitz  says  the  software  gateway  is  one  of  many 
technologies  that  will  result  from  BearingFbint’s 
efforts  to  provide  customized  search  services.  ■ 


Network  security  is  the  key  to 
keeping  VoIP  networks  secure 


BY  TIM  GREENE 

Despite  warnings  that  VoIP  is 
vulnerable  to  a  new  breed  of 
attacks,  the  biggest  threat  remains 
weaknesses  in  general  network 
security. 

In  a  presentation  at  the  RSA 
Conference  2006  last  week,  David 
Endler,  chairman  of  the  VoIP 
Security  Alliance  and  director  of 
security  research  for  3Com's 
TippingFbint  division,  said  experts 
are  aware  of  possible  attacks  that 
could  be  made  against  VoIP  proto¬ 
cols,  but  worms,  viruses  and  other 
exploits  that  take  down  servers  or 
congest  networks  are  the  exploits 
that  hurt  VoIP  in  practice. 

Analysis  of  IP  voice  compo¬ 
nents  is  key  to  keeping  VoIP  net¬ 


works  secure,  he  said.  For  in¬ 
stance,  some  IP  PBXes  are  based 
on  Windows, so  any  security  flaws 
in  Windows  are  security  flaws  in 
the  voice  network. 

Customers  also  should  check 
the  management  platforms  of  IP 
voice  gear,  Endler  said.  For  exam¬ 
ple,  some  uses  TFTP  protocol, 
which  requires  no  authentica¬ 
tion,  so  hackers  could  glean 
information  about  a  VoIP  net¬ 
work  that  may  be  valuable  in 
itself  or  provide  information  for 
future  attacks. 

Some  VoIP  phones  include 
packet  capture  features  that  are 
useful  in  tracing  packets  to  ana¬ 
lyze  network  performance.  But  in 
the  wrong  hands  a  network  of 


phones  with  this  feature  could  be 
used  to  sniff  networks  for  sensitive 
traffic  such  as  passwords.  “This 
could  be  a  problem  especially  if 
the  phones  are  connected  to  a 
hub,”  where  they  could  view  all 
traffic  passing  through,  he  said. 

Logically  segmenting  VoIP  traffic 
on  its  own  virtual  LAN  can  help 
keep  it  clear  of  attacks  against 
data  traffic,  he  said. 

To  protect  VoIP  networks,  Endler 
recommends  patching  gear  regu¬ 
larly  against  known  threats, 
changing  default  passwords  on 
all  gear,  following  vendors’  check¬ 
lists  for  securing  gear  when 
installed,  using  intrusion-preven¬ 
tion  gear  and  using  VoIP-aware 
firewalls  to  protect  IP  PBXs.  ■ 


Where  Can  You  Turn  for 
a  Total  Solution? 

As  a  total  solutions  provider,  NEC 
understands  the  complexities  today’s 
converged  networks  can  present  to  your 
business.  With  our  proven  experience, 
we  know  what  it  takes  to  help  you  avoid 
traveling  in  the  wrong  direction. 

NEC  delivers  the  most  choices  of  IP 
communications  platforms  to  meet  the 
unique  needs  of  your  business.  Add  to 
that  a  strong  portfolio  of  applications  and 
services,  and  before  you  know  it,  your 
business  is  traveling  in  the  direction  of 
improved  customer  experience,  enhanced 
employee  productivity,  increased  revenue 
generation  and  maximum 
return  on  investment. 


Why  go  in  different  directions  when  you  can 
focus  on  a  Total  Solution?  Turn  to  NEC! 


www.necunified.com/ip 
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Health 

continued  from  page  1 

Corporation  (CSC),  IBM  and 
Northrop  Grumman  to  develop 
prototype  architectures  for  the 
NHIN.  Each  consortium  consists 
of  technology  developers,  hospi¬ 
tals,  laboratories,  pharmacies  and 
physicians  who  must  prove  that 
EHRs  can  be  exchanged  seam¬ 
lessly  among  entities.  The  consor¬ 
tia  are  using  existing  collectives  of 
hospitals  and  other  healthcare 
providers  called  regional  health 
information  organizations  (RHIO) 
to  build  these  data-interchange 
networks. 

“These  prototypes  are  the  key  to 
information  portability  for  Ameri¬ 
can  consumers  and  are  a  major 
step  in  our  national  effort  to  mod¬ 
ernize  healthcare  delivery?’  Brailer 
said  in  a  statement. 

Brailer  envisions  the  architec¬ 
ture  of  the  NHIN  to  be  such  that 
existing  RHIOs  can  connect  to  it, 
and  organizations  and  physician 


offices  that  are  not  part  of  an 
RHIO  also  will  be  able  to  connect. 

“I  did  not  start  out  by  believing 
the  national  solution  will  be  a 
network  of  regional  networks,” 
Brailer  said  in  his  keynote  speech 
at  H1MSS.  “Our  goal  with  the 
National  Health  Information  Net¬ 
work  is  to  allow  those  who  do  not 
want  to  participate  in  RHIOs  to 
not  have  to  do  it.” 

Two  networks  —  those  pro¬ 
posed  by  Northrop  Grumman 
and  CSC  —  consist  of  distributed, 
peer-to-peer  networks,  which  use 
a  federated  identity  model  that 
lets  organizations  share  identity 
data  with  trusted  network  access 
and  authentication.  Patient  infor¬ 
mation  would  be  identified  by 
unique  metadata  tags  and  be 
exchanged  among  organizations 
using  standard  protocols. 

Foremost  in  IT  professionals’ 
minds  in  building  these  net¬ 
works  is  how  physicians  will  be 
reimbursed  for  adopting  infor¬ 
mation  technology.  There  also 


IT  in  healthcare 

A  sampling  of  findings  from  the  “HIMSS  Leadership  Survey" 

of  205  IT  managers  and  CIOs. 

•  The  top  IT  priorities  are  implementing  technology  to  reduce  medical  errors  and 
promote  patient  safety,  and  to  deliver  an  electronic  health  record  (EHR)  system. 

•  Nearly  50%  of  the  respondents  indicate  they  have  a  fully  functional  EHR 
system  in  place,  36%  are  installing  such  a  system  and  25%  have  developed  a 
plan  to  do  so. 

•  20%  of  respondents  use  single  sign-on  technology;  78%  indicate  that  they  plan 
to  implement  it  in  the  next  two  years. 


are  technological  issues  about 
adopting  EHRs  and  a  nation¬ 
wide  health  network  that  need 
addressing,  such  as  a  lack  of  rec¬ 
ognized  standards,  the  security 
and  privacy  of  patient  health  in¬ 
formation  and  the  trusted  access 
and  authentication  of  clinicians 
to  EHR  information. 

Dr.  John  Halamka,  CIO  for 
Harvard  Medical  School  and 
chair  of  the  Health  Information 
Technology  Standards  Panel 


Convergence,  wireless  are 
fueling  telecom  spending 


BY  DENISE  PAPPALARDO 

The  telecom  slump  may  finally 
be  over  —  users  are  spending 
more  on  telecommunications  ser¬ 
vices  and  a  new  report  released 
last  week  shows  strong  growth  in 
network  equipment,  wireless 
devices,  wireless  services,  Internet 
access,  unified  communications 
and  conferencing. 

The  Telecommunications  In¬ 
dustry  Association’s  (T1A)  2006 
Telecommunications  Market  Re¬ 
view  and  Forecast,  which  is  the 
group’s  annual  assessment  of  the 
industry,  shows  the  U.S.  telecom¬ 
munications  business  overall  grew 
8.9%  in  2005,  to  $856.9  billion. 

TIA  President  Matthew  Flanigan  says,  “2005  was  a 
strong  year  for  the  overall  telecommunications  in¬ 
dustry:  It  seems  the  days  of  2%  to  3%  growth  like  we 
saw  in  2002  and  2003  respectively  are  behind  us.” 

'The  report  says  that  the  U.S.  telecom  business  will 
see  double-digit  growth  in  2006,  reaching  $944.7  bil¬ 
lion;  by  2007  it  will  reach  $1.2  trillion. TIA  says  com¬ 
panies  moving  to  converged  technologies,  the  con¬ 
solidation  of  the  service-provider  market  and  ram¬ 
pant  wireless  usage  all  are  fueling  telecom  growth. 

The  report  states  that  in  the  enterprise  “the  long- 
heralded  move  to  convergent  technologies  is  now 
taking  off.”  IP  equipment  and  services  are  beginning 
to  replace  legacy  technologies  such  as  IP  PBXs. 

Last  year  corporate  users  spent  $3.2  billion  on  IP 


Spending  stats 

TheTIA  predicts  customer 
spending  on  telecommuni¬ 
cations  will  grow  to  $110.5 
billion  by  2007 


Year 

$  in  billions 

%  growth 

2003 

S86.3 

3.4 

2004 

S92.0 

6.6 

2005 

S98.3 

6.9 

2006 

S104.5 

6.3 

2007 

$110.5 

5.7 

PBX  gear,  compared  with  $859  mil¬ 
lion  spent  on  legacy  PBX  equip¬ 
ment.  IP  PBX  buying  was  up  22.4% 
compared  with  2004  and  is 
expected  to  reach  $4.8  billion  by 
2009. 

TheTIA  report  says  that  between 
2004  and  2005  the  number  of 
wireless  users  surpassed  the  num¬ 
ber  of  traditional  wireline  tele¬ 
phone  users.  This  significant 
change  is  contributing  to  contin¬ 
ued  wireless  services  and  equip¬ 
ment  purchasing. 

In  2005  there  were  194.5  million 
wireless  users  and  172.1  million 
landline  users  in  the  United  States. 
In  2004  landline  users,  at  177.9  million, outnumbered 
wireless  users, at  169.9  million. 

In  2005  users  spent  $118.6  billion  on  wireless  ser¬ 
vices,  such  as  cellular,  paging  and  Wi-Fi,  compared 
with  $103.3  billion  in  2004.  Users  also  spent  $15  bil¬ 
lion  on  wireless  devices,  such  as  cellular  phones, 
pagers  and  PDAs.  That’s  up  22.6%  from  2004,  when 
users  spent  $12.2  billion  on  wireless  devices. 

An  uptick  in  fiber-optic  service  revenue  is  also  con¬ 
tributing  to  growth  and  is  a  big  change  from  the  dark 
days  of  telecom.  In  2001  fiber  revenues  reached 
$14.1  billion,  then  headed  downward  in  2002  and 
2003, to  $5.3  billion  and  $4.2  billion, respectively. 2004 
was  the  first  year  of  improvement,  with  2005  solidify¬ 
ing  that  growth.  In  2004  fiber  revenues  jumped  to 
$6.8  billion,  and  in  2005  increased  to  $9.5  billion.  ■ 


(HITSP),  is  charged  with  dealing 
with  one  of  these  concerns  by 
coordinating  the  standards  for 
medical  vocabulary  and  elec¬ 
tronic  data  exchange. 

“You  say  we  have  standards  for 
credit  cards,  but  what  are  the  stan¬ 
dards  for  electronic  patient  health 
information?”  Halamka  asked.“We 
talk  about  content  standards  for 
vocabularies,  structural  standards 
like  [Health  Level  7]  and  security 
standards  such  as  [Security  Asser¬ 
tion  Markup  Language].  Many 
people  would  agree  that,  because 
the  network  will  use  the  Internet, 
HITSP  would  be  a  reasonable  way 
to  exchange  information.” 

Part  of  HITSP’s  work  will  be 
deciding  what  standards  to  use  — 
Digital  Imaging  and  Communica¬ 
tions  in  Medicine, HL7,. Net, SAML, 
Simple  Object  Access  Protocol  or 
XML.  The  committee  is  expected 
to  deliver  its  recommendations  as 
early  as  June. 

Another  concern  is  building  out 
EHR  systems  to  support  this  net¬ 
work.  In  an  HIMSS  survey  released 
at  the  show,  as  many  as  half  of  the 
205  respondents  cited  the  lack  of 
financial  support  as  a  barrier  to 
deploying  IT  projects  and  sys¬ 
tems.  The  top  priorities  are  reduc¬ 
ing  medical  errors  and  promoting 
patient  safety  and  implementing 
an  EHR  system.  Over  the  next  two 
years,  46%  of  the  respondents 
indicated  their  top  priority  is  im¬ 
plementing  an  EHR  system. 

Only  one-fifth  of  the  respon¬ 


dents  indicated  they  have  imple¬ 
mented  a  single  sign-on  system  to 
give  one-step  access  to  the  multi¬ 
ple  applications  they  use.  Single 
sign-on  is  an  essential  component 
of  an  EHR  system,  users  say 

“Single  sign-on  is  one  of  the  first 
things  you  need  to  address,”  says 
Linda  Hill,  manager  for  technical 
assistance  at  Sharp  HealthCare,  an 
1,867-bed  hospital  collective  in 
San  Diego “Then  you  need  to  look 
at  the  ownership  of  the  informa¬ 
tion  —  who  has  it,  who  doesn’t, 
what  we  control  access  to.” 

At  Sharp,  Hill  says  she  has 
“made  a  tremendous  amount  of 
progress  in  getting  all  the  hospi¬ 
tal  information  on  a  patient  in 
one  place  at  one  time.  Now  we 
are  rolling  out  a  system  for  our 
clinics  and  will  have  to  deal  with 
how  we  get  that  information  to 
go  back  and  forth.”  Hill  uses 
Courion’s  Enterprise  Provisioning 
Suite  to  do  password  synchro¬ 
nization  among  applications. 

As  for  who  will  operate  the 
NHIN,  Brailer  says  the  govern¬ 
ment  will  not.  He  envisions  it 
being  managed  by  a  series  of 
companies  or  service  providers 
that  offer  access,  authentication 
and  connectivity. 

“Companies  will  start  offering 
competitive  NHIN  service  offer¬ 
ings  not  unlike  Verizon  and 
T-Mobile  offer  cellular  connectiv¬ 
ity?’  Brailer  says.  “Electronic  health 
records  and  connectivity  could 
get  packaged  together?’ 

Brailer  also  doesn’t  view  NHIN 
as  a  client/server  network  like  the 
network  the  Department  of 
Defense  has  implemented  for  its 
military  personnel. 

NHIN  is  “a  lightly  brokered  net¬ 
work  that  has  an  index  that  says 
data  on  this  person  is  at  this  loca¬ 
tion,"  Brailer  says.  “That  gets  lay¬ 
ered  on  with  some  very  specific 
needs  of  brokered  security.  If  we 
don’t  have  any  existing  trust  rela¬ 
tionships  [or  federation] , how  do  1 
know  who  to  trust  getting  the 
data?”  Brailer  asks.  ■ 
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Questions  about  application  acceleration? 

Curious  about  the  different  approaches  to  speeding  up  those  applications?  We've  in¬ 
vited  Cisco,  Citrix,  Racketeer  and  Silver  Peak  to  discuss  their  approaches.  They'll  be 
online  the  week  of  Feb.  27  to  answer  your  questions  —  and  well  have  a  library  of 
links  to  related  papers.  If  you  want  to  get  a  head  start,  however,  send  your  WAN 
acceleration  questions  to  agaffin(a>nww.coni  now,  and  the  vendors  will  start  working 
on  answers. 
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continued  from  page  1 

have  a  broad  swath  of  security 
vendors  in  the  anti-virus,  patch 
management  and  endpoint  secu¬ 
rity  arenas  cooperating  to  support 
a  common  framework  that  recog¬ 
nizes  violations  of  security  policy 
and  restricts  access  until  remedia¬ 
tion  takes  place. 

That  Gates  and  Chambers  were 
talking  about  separate  frame¬ 
works  was  not  lost  on  the  audi¬ 
ence.  Microsoft  and  Cisco  are  fos¬ 
tering  individual  technology  alli¬ 
ances  to  back  their  visions — with 
many  vendors  playing  in  both. 
Despite  assurances  to  customers 


Microsoft's  Bill  Gates  shares  his 
vision  of  security  vendors  working 
within  a  common  framework  that 
recognizes  security  violations. 

more  than  a  year  ago  that  they 
would  merge  their  efforts,  that 
issue  remains  unresolved. 

This  uncertainty  has  con¬ 
tributed  to  widespread  skepticism 
about  both  initiatives,  known  as 
Microsoft’s  Network  Access  Pro¬ 
tection  (NAP)  —  expected  out 
with  the  Vista  operating  system 
later  this  year  —  and  Cisco’s  Net¬ 
work  Admission  Control  (NAC), 
currently  in  its  first  release  of 
client  software  and  support  on 
Cisco  gear. 

“Conceptually,  this  is  a  fantastic 
idea,”  said  conference  attendee 
Keith  Weisman,  senior  security 
engineer  for  OfficeMax  in  Itasca, 
lll.“But  I’m  still  generally  skeptical. 
And  we’re  also  wondering  what 
this  is  going  to  cost.” 

OfficeMax  has  turned  to  other 


*The  story  "Anti-virus  vendors 
target  network-access  control" 
(Feb.  13,  page  22)  should  have 
had  the  sources’  names  spelled  CJ 
Desai  and  Jon  Brody. 
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approaches,  including  Lancope’s 
StealthWatch  appliance,  to  inter¬ 
nally  monitor  for  worm  infections, 
spyware  and  intrusions. 

In  a  conference  session  on  net- 
work-access  control,  Gartner  ana¬ 
lyst  Lawrence  Orans  alluded  to 
the  angst  caused  by  the  lack  of 
news  from  Cisco  and  Microsoft  as 
to  how  they  will  merge  their  tech- 
nologies.The  companies  pledged 
in  October  2004  that  they  would 
cooperate  to  ensure  that  NAP  and 
NAC  worked  together.  Orans  invit¬ 
ed  panelists  Khaja  Ahmed,  Micro¬ 
soft  software  architect,  and  Russell 
Rice,  Cisco’s  director  of  marketing, 
to  clarify  how  far  any  joint  effort 
has  progressed. 

Ahmed  said  NAP  “will  cause  you 
to  re-architect  your  network”  and 
will  “bind  together  two  distinct 
groups,”  that  today  are  largely  sep¬ 
arate  —  network  and  applications 
security  He  also  said  “we  don’t 
have  a  committed  road  map”  for 
any  joint  technology  with  Cisco 
and  that  the  NAP  effort  was  turn¬ 
ing  out  to  be  more  complex  than 
once  thought. 

Rice  said  the  work  with  Micro¬ 
soft  is  ongoing. 

NAG  works  for  user 

The  enterprise  customer  on  the 
panel ,  Fran  k  Watts,  sen  ior  architect 
in  the  IT  risk-management  divi¬ 
sion  at  JP  Morgan  Chase  &  Co., 
said  he  tested  the  Cisco  NAC- 
based  Trust  software  with  LANs  in 
a  lab, and  it  did  work  to  determine 
the  need  for  Symantec  anti-virus 
on  desktops. 

“It  worked  pretty  much  as  adver¬ 
tised,"  said  Watts,  who  added  that 
JP  Morgan  Chase  sees  huge 
potential  in  using  this  type  of  end¬ 
point  security  to  identify  risky  or 
infected  computers,  quarantine 
them  and  get  them  up  to  speed 
quickly  in  terms  of  safety 

But  Watts  said  the  firm  decided 
to  wait  for  Cisco’s  Phase  II  NAC 
and  is  looking  at  a  few  alterna¬ 
tives,  including  software  devel¬ 
oped  by  Sygate,  which  was 
acquired  late  last  year  by  Syman¬ 
tec.  He  said  Sygate  had  been  seen 
as  a  start-up  that  was  more  risky, 
but  after  Symantec  bought  Sygate 
its  software  (now  called  Syman-  j 
tec  Pblicy  Enforcer)  was  consid¬ 
ered  a  viable  possibility 

“I’m  waiting  for  the  market  to 
mature,"  said  another  RSA 
attendee,  Mark  Butler,  security 
services  manager  at  H&R  Block 
in  Kansas  City,  Mo.  He  said  taking 
a  quarantine  action  against  a 
desktop  would  be  a  significant 


step  with  management  implica¬ 
tions  that  needed  to  be  better 
understood. 

Vendors  seem  to  be  making  net¬ 
work-access  control  announce¬ 
ments  every  day  3Com  Chief  Tech¬ 
nology  and  Strategy  Officer  Marc 
Willebeek-LeMair,  in  his  keynote 
address  at  RSA,  outlined  how 
3Com’s  intrusion-prevention  sys¬ 
tem,  TippingPoint,  is  undergoing 
changes  over  the  next  few  months 
so  it  will  restrict  access  control 
and  perform  quarantine  functions 
using  Microsoft’s  upcoming  NAP 
client,  and  perhaps  other  methods 
as  well. 

Willebeek-Lemair  said  there 


should  be  an  “open  ecosystem” 
and  a  “framework”  so  “best-of- 
breed”  technologies  can  work 
together. 

Irrespective  of  what  happens 
between  Microsoft  and  Cisco, 
some  security  managers  argue 
that  quarantine  of  a  desktop  is 
radical  and  disruptive. 

They  say  such  a  move  will 
require  a  tough  review  by  IT 
departments  and  business  man¬ 
agement  before  going  forward 
with  policy-based  network-access 
control. 

“You  have  to  talk  about  what 
effects  you  have  on  the  business,” 
said  Patricia  Myers,  chair  of  the 


ISC2,  the  IT  security  professionals 
membership  organization. 

Quarantining  endpoint  devices 
“is  going  to  have  a  considerable 
impact  on  end  users,  and  you 
have  to  ask  about  the  cost,"  she 
said.B 


nww.com 

RSA  roundup 

Follow  along  with  what  Senior  Editor 
Ellen  Messmer  saw  at  the  RSA 
Conference  in  her  daily  blog. 
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Businesses  should  pay  more 
attention  to  software  security 


BY  TIM  GREENE 

SAN  JOSE  —  Most  businesses  aren’t  doing  enough 
to  build  and  buy  securely  written  software,  accord¬ 
ing  to  a  panel  of  corporate  security  executives,  acad¬ 
emics  and  professional  software  developers  speak¬ 
ing  at  the  RSA  Conference  last  week. 

The  problem  stems  in  part  from  a  failure  to  ask 
about  how  securely  commercial  software  is  written 
and  failure  to  train  in-house  software  developers  to 
write  applications  that  leave  few  vulnerabilities,  said 
the  panel  that  was  drawn  together  by  the  Secure 
Software  Forum,  a  group  founded  last  year  to  pro¬ 
mote  applications  that  resist  attacks. 

The  threat  is  enormous,  according  to  Gartner, 
which  says  70%  of  business  security  vulnerabilities 
are  at  the  application  layer.  This  is  compounded  by 
64%  of  in-house  business  software  developers  admit¬ 
ting  they  lack  confidence  that  they  can  write  secure 
applications,  according  to  research  done  by 
Microsoft,  a  sponsor  of  the  forum. 

But  businesses  need  to  do  better,  said  Dave 
Cullinane,  chief  information  security  officer  of  finan¬ 
cial  firm  Washington  Mutual  in  Seattle  Wash. “If  you 
have  an  application  exposed  to  the  Internet  that  will 
allow  people  to  make  money,  it  will  be  probed,” 
Cullinane  said,  and  the  consequences  of  being 
breached  are  not  only  financial  but  also  damaging 
to  the  reputation  of  the  company.  “You  will  lose 
money;  you  will  have  problems.  The  reputation  risk 
can  literally  put  you  out  of  business.  Twenty  percent 
to  45%  of  customers  will  leave  you  if  you  report  a 
security  breach.” 

When  buying  commercial  software  for  business 
applications,  corporate  customers  need  to  find  out 
what  architectural  procedures  the  vendor  followed 
and  how  stringently  the  software  has  been  tested  for 
weaknesses  that  can  be  exploited,  the  panel  said. 

This  software  review  should  include  finding  out 
where  software  is  written  —  whether  it  is  outsourced 
to  other  companies  —  and  what  the  security  para¬ 
meters  these  consultants  follow,  the  panel  said. 

In  addition,  businesses  should  train  their  in-house 
application  developers  in  writing  secure  code.  If 


they  have  knowledge  of  security  threats,  they  can 
defend  against  them  when  they  write,  the  panel  said. 

In  practice,  very  few  companies  do  this,  according 
to  a  survey  of  Fortune  1000  companies  polled  by  the 
forum  during  seminars  it  held  over  the  past  year. 
Only  36%  of  those  companies  polled  educate  their 
software  teams  about  security  and  30%  said  they 
have  integrated  security  assurance  programs  in  their 
software  development  process. 

Panel  member  Caleb  Sima,  CTO  of  SPI  Labs, 
agreed  that  education  helps,  but  developers  also 
need  tools  that  flag  potential  flaws  as  the  code  is 
being  written  and  can  fix  them  automatically  The  job 
of  the  developer  should  be  to  write  applications  that 
perform  specified  functions  and  accomplish  the  task 
in  a  set  amount  of  time.They  are  not  security  experts, 
nor  should  they  be. 

Penny  Lane,  chief  information  security  specialist 
for  Visa  in  San  Francisco,  said  developers  don’t  have 
a  good  picture  of  the  realm  of  threats  at  all  different 
layers  of  the  network,  so  they  have  trouble  conceiv¬ 
ing  of  the  types  of  threats  they  should  guard  against. 

Justin  Peaveyvice  president  of  security  architecture 
and  engineering  for  State  Street  in  Boston,  said 
developers  should  write  applications  according  to 
sound  principles  that  isolate  the  areas  of  code  that 
represent  risk  so  if  a  flaw  is  found,  only  a  few  lines  of 
code  need  to  be  rewritten  to  fix  it.“If  the  threat  is  dis¬ 
tributed  throughout  the  code,  then  it’s  impossible  to 
find  the  vulnerability’ he  said. 

Once  code  is  written,  it  should  be  tested  for  flaws. 
This  task  may  have  to  be  performed  by  specially 
trained  staff  because  normal  quality  assurance 
testers  don’t  have  the  training  to  do  the  job,  the 
panel  said.B 


I  See  more  coverage  from  the  RSA  Conference: 

•  CA  set  to  tackle  Web  services  security.  Page  17. 

•  Experts  say  security  products,  implementations 
need  to  improve  drastically.  Page  17. 

•  Sophos  unveils  e-mail  security  appliance.  Page  22. 
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systems  causing  crashes,  slowdowns,  freeze-ups  and  even  total 
system  failures. 


NEW  Diskeeper  10  provides  new  adaptive  technology  designed  to  wring 
every  last  drop  of  performance  out  of  every  computer  on  your  network. 


No  more  complaints  from  users  waiting  50  seconds  opening  a  Word 
document,  45  seconds  saving  a  file  or  70  seconds  searching  for  one.* 
With  Diskeeper’s  advanced  automatic  “Set  It  and  Forget  It”®  technology, 
peak  performance  is  maintained  -  automatically! 


Diskeeper  10  “Set  It  and  Forget  It”  Features 


NEW!  I-FAAST™  (Intelligent  File  Access  Acceleration  Sequencing 
Technology),  breakthrough  disk  performance  calibration  technology 
that  boosts  access  speeds  for  the  most  commonly  accessed  files. 


NEW!  Terabyte  Volume  Engine™  defrags  large  volumes,  SANs, 
RAIDs  and  NAS,  quickly  and  thoroughly. 


NEW!  Core  enhancements  provide  faster,  more  thorough 
defragmentation 


•  NEW!  Enhanced  I/O  Smart™  intelligently  provides  transparent 
defragmentation  ensuring  uninterrupted  system  operation. 


EXCLUSIVE!  “Set  It  and  Forget  It”  scheduling  includes 
SmartScheduling™  for  fully  customized  and  automatic 

defragmentation  based  on  individual  usage  patterns. 


NEW!  Enhanced  user  interface  provides  easy  configuration  and 
scheduling  as  well  as  reports  on  disk  health,  real  time  performance 
and  fragmentation  statistics. 

NEW!  Native  64  bit  operating  systems  support. 


Every  system  on  your  network  needs  Diskeeper,  The  Number  One 
Automatic  Defragmenter  with  over  17  million  licenses  sold! 


Volume  licensing  and  Government  /  Education  discounts  are  available 
from  your  favorite  reseller  or  call  800-829-6468  code  4342 


SPECIAL  OFFER 

TRY  NEW  DISKEEPER  FREE  FOR  45  DAYS! 

Download:  www.diskeeper.com/nw10 

(Note:  Special  45  day  trial  only  available  at  above  link) 


‘Windows®  IT  Pro,  The  Impact  of  Disk  Fragmentation  white  paper 


corporation 


©2005  Diskeeper  Corporation.  All  Rights  Reserved.  Diskeeper,  The  Number  One  Automatic  Defragmenter,  l-FAAST,  I/O  Smart.  SmartScheduling.  Terabte  Volume  Engine,  "Set  It  and  Forget  It",  and 
the  Diskeeper  Corporation  logo  are  registered  trademarks  or  trademarks  owned  by  Diskeeper  Corporation  in  the  United  States  and/or  other  countries.  Windows  is  a  registered  trademark  or 
trademark  owned  by  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  Diskeeper  Corporation  •  7590  N.  Glenoaks  Blvd.  Burbank,  CA  91 504  •  800-829-6468  •  www.diskeeper.com 


14  •  www.networkworld.com  •  2.20.06 


Active  Directory  gains  broader  role 


Active  Directory  makeover 

Microsoft  is  integrating  its  lineup  of  identity  technology  into  its  Active  Directory  platform  to  provide 
users  with  a  single  infrastructure  for  controlling  identity  and  access  management. 


New  name 

Former  name 

Description 

Active  Directory  Domain  Services 

Active  Directory  Domain  Controller 

A  server  that  hosts  a  single  copy  of  Active 
Directory. 

Active  Directory  Lightweight  Directory 
Services 

Active  Directory  Application  Mode 

A  stand-alone  directory  that  can  be  dedicated 
to  a  single  application. 

Active  Directory  Rights  Management 
Services 

Windows  Rights  Management  Services 

Digital  rights  management  for  documents  and 
other  files. 

Active  Directory  Certificate  Services 

Windows  Certificate  Services 

Platform  for  issuing,  managing  digital  certificates. 

Active  Directory  Metadirectory  Services 

Identity  Integration  Feature  Pack 

Engine  for  provisioning  services. 

BY  JOHN  FONTANA 

Microsoft  last  week  laid  out  a 
new  road  map  for  Active 
Directory  designed  to  transform  it 
into  the  centerpiece  of  the  com¬ 
pany’s  effort  to  provide  users  with 
an  integrated  identity  manage¬ 
ment  platform. 

While  the  directory  has  been  a 
core  piece  of  Microsoft’s  identity 
infrastructure,  it  will  become  the 
platform  for  strong  credentials, 
access  control,  single  sign-on,  fed¬ 
erated  identity  information-rights 
protection,  process  automation 
and  auditing. 

Microsoft  plans  to  build  that  col¬ 
lection  of  identity  technologies 
directly  into  the  server  operating 
system  as  part  of  Longhorn  Server, 
which  is  slated  to  ship  in  2007.The 
technologies  will  become  instal¬ 
lable  features  much  like  DNS  is 
today  in  Active  Directory  Beta  2  of 
the  server,  which  includes  the  new 
identity  features,  is  expected  to  be 
available  before  the  end  of  June. 

Experts  say  one  of  Microsoft’s 
weaknesses  has  been  lack  of  inte¬ 
gration  among  its  identity  tech¬ 


nologies.That  weakness  has  been 
highlighted  over  the  last  year  as 
Microsoft  competitors  such  as  CA, 
IBM,  Oracle  and  Sun  have  each 
integrated  their  technologies  to 
create  their  own  platforms. 

“Pulling  this  together  so  that  it  is 
all  integrated  is  the  good  news,” 
says  John  Enck,  an  analyst  with 
Gartner.  “1  worry  however,  that  this 
makes  Active  Directory  seem  too 
complex.  I  worry  about  them  tak¬ 


ing  this  too  far.  What’s  next,  Active 
Directory  Server  2007?  Where  do 
you  end  the  platform  and  start  the 
directory  services  or  the  identity 
management  platform?  They  are 
not  clear  on  that  and  I  think  that 
will  confuse  the  market.” 

What  is  clear  is  that  many  of  the 
services  that  rely  on  Active  Direct¬ 
ory  for  object  or  user  data  are 
now  being  renamed  (see  graph¬ 
ic)  with  the  Active  Directory  tag. 


Microsoft  internally  also  has  creat¬ 
ed  an  identity  and  access  man¬ 
agement  group  headed  by  com¬ 
pany  veteran  Peter  Houston. 

Microsoft  officials  say  the  first 
wave  of  integration  will  be  related 
to  common  set-up  features  and 
documentation. 

Michael  Stephenson,  group 
product  manager  for  Windows 
Server, says  customers  will  be  able 
to  activate  any  of  the  new 


Longhorn  directory  services  with¬ 
out  having  to  redeploy  their  entire 
Windows  Server  2003  domain 
architecture. 

Gil  Kirkpatrick,  CEO  of  an  inde¬ 
pendent  software  vendor  called 
NetPro,  says,  “We  have  seen  the 
early  code  on  this  and  it  looks  like 
they  have  the  platform  well 
defined." 

The  integration  also  supports 
Microsoft’s  Identity  Metasystem 
initiative,  which  was  unveiled  last 
June  and  includes  Active 
Directory  along  with  user-centric 
privacy  controls  in  the  form  of  a 
client  technology  called 
InfoCard;  a  Longhorn  middle¬ 
ware  technology  called  Windows 
Communication  Foundation  (for¬ 
merly  Indigo);  and  a  slate  of  Web 
services-based  protocols. 

Microsoft  also  announced  the 
first  beta  of  its  Certificate  Lifecycle 
Manager,  policy  and  workflow-dri¬ 
ven  software  acquired  when  it 
bought  Alacris. 

In  addition,  Microsoft  says 
InfoCard  will  be  supported  in 
Internet  Explorer  7.0.  ■ 


Microsoft's  Office  2007  includes  new  twists 


BY  JOHN  FONTANA 

Microsoft  last  week  unveiled  its  Office 
2007  package,  which  includes  a  collection 
of  new  applications,  servers,  bundles  and 
licensing  options  for  collaboration,  content 
management  and  business  intelligence. 

The  debut  of  Office  2007,  which  was  code- 
named  Office  12,  also  is  the  coming-out 
party  for  the  real-time  collaboration  tools 
Microsoft  acquired  when  it  bought  Groove 
in  March  2005.  The  Groove  offerings  will 
include  Office  Groove  2007  and  Office 
Groove  Server  2007,  as  well  as  Microsoft 
hosted  services  —  Groove  Enterprise 
Services  and  Office  Live  Groove  —  that  pro¬ 
vide  online  Groove  collaboration  features. 

Office  2007  also  reveals  that  Microsoft 
intends  to  ride  the  popularity  of  its  Share- 
Paint  Server  by  making  it  the  centerpoint  of 
its  back-end  collaboration  infrastructure. 

“Microsoft  is  emphasizing  collaboration 
again,”  say  Chris  LeTocq,  principal  analyst 
with  Guernsey  Research.  He  says 
ShareFbiut  presents  an  attractive  option  to 
today’s  cumbersome  e-mail  threads. 

Microsoft  has  updated  SharePaint  Server, 
which  was  formerly  called  SharePbint 
Partal  Server  'Pie  company  says  the  server 
coupled  with  the  two  enterprise  versions  of 
Office  2007  provide  a  full  collaboration 


environment,  including  content  manage¬ 
ment,  routing/approval,  electronic  forms 
and  search. Those  two  Office  versions  are 
the  new  Enterprise  2007  edition  and  the 
renamed  Professional  Plus  2007,  which  is 
the  replacement  for  Office  Professional 
Enterprise  Edition  2003. 

“This  is  the  nod  that  SharePoint  is  the  serv¬ 
er  we  are  going  to  put  a  lot  of  the  collabo¬ 
ration  work  under?  says  John  Carins,  senior 
director  of  information  worker  licensing 
and  packaging  for  Microsoft. 

Carins  says  Microsoft  expects  a  majority 
of  corporate  users  to  opt  for  the  Pro¬ 
fessional  Plus  edition  of  Office  and  couple 
it  with  SharePoint  Server. 

He  says  Microsoft  would  discontinue  its 
Content  Management  Server  and  fold  the 
capabilities  into  SharePoint  Server,  which 
also  is  the  back-end  support  for  document 
routing  and  approval,  electronic  forms 
capabilities  and  search. 

Office  2007  also  features  new  bundles 
and  applications, as  well  as  some  licensing 
options  restricted  to  volume-licensing  cus¬ 
tomers.  One  notable  change  is  that  the 
Student  and  Home  edition  of  Office  will 
drop  Outlook  in  favor  of  OneNote,  a  note¬ 
taking  program. 

The  new  licensing  options  for  Office  2007 


will  give  customers  with  volume-licensing 
contracts  exclusive  access  to  the  Enterprise 
and  Professional  Plus  packages. 

The  main  difference  between  the  two 
bundles  is  the  inclusion  of  Office  Groove  in 
the  Enterprise  Edition.  Both  will  ship  with 
the  Office  Communicator  client  for  instant 
messaging  and  real-time  communications, 
including  VoIP 

Also,  all  the  Office  servers,  along  with  the 
Communicator  and  Office  Groove  client 
software,  are  available  only  with  volume¬ 
licensing  contracts. 

Another  change  is  the  new  Office  Share- 
Point  Designer  2007,  which  will  replace 
FrontPage  2003. 

Office  2007  will  include  new  server  tech¬ 
nology  among  the  13  new  products  avail¬ 
able  in  the  Office  2007  product  family.  New 
are  the  Microsoft  Office  Project  Portfolio 
Server  2007,  which  provides  project  and 
portfolio  management,  and  Microsoft 
Office  Forms  Server  2007,  an  electronic- 
forms  platform. 

Microsoft  also  is  adding  a  client  access 
license  (CAL)  option  beyond  its  Core  CAL. 
Core  CAL  includes  access  licenses  for 
Windows  Server,  Exchange  Server,  Office 
SharePoint  Server  and  Systems  Manage¬ 
ment  Server.  The  new  Enterprise  CAL  adds 


enterprise  data  searching,  spreadsheet  pub¬ 
lishing,  Web-based  form  creation  and  uni¬ 
fied  messaging.  Enterprise  CAL  will  enable 
access  to  features  for  Microsoft  Operations 
Manager,  Office  Live  Communications 
Server,  Rights  Management  Services  and 
Microsoft  security  software. 

Also  new  is  Office  Communicator  Web 
Access,  a  browser-based  version  of  the  IM 
client  for  the  desktop. 

Office  2007  is  expected  to  ship  by  year- 
end, with  pricing  relatively  unchanged  from 
Office  2003.  A  beta  2  version  of  Office  2007 
will  be  available  before  the  middle  of  the 
year,  according  to  Microsoft.  ■ 
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Blade  server  switch  market  in  flux 


BY  PHILHOCHMUTH 

While  some  network  vendors 
are  jumping  out  of  the  blade  serv¬ 
er  market,  others  are  expanding 
their  reach  into  blade  systems 
with  new  partnerships. 

Nortel  last  week  said  it  will  spin 
off  its  Blade  Server  Switch 
Business  Unit  as  the  start-up  Blade 
Network  Technologies,  which  will 
focus  solely  on  building  network 
switches  for  blade  chassis. 

Also  last  week,  Dell  said  it  will 
start  offering  Cisco  Gigabit  Ether¬ 
net  switch  modules  in  its  Power- 
Connect  blade  servers,  in  addition 
to  Dell’s  own  brand  of  blade  serv¬ 
er  switches. 

Observers  say  vendors’  varying 
positions  in  the  blade  server  mar¬ 
ket  result  partly  from  the  debate 
over  where  network  intelligence 
should  reside  —  in  servers  or  net¬ 
work  gear. 

Blade  server  switch  modules 
typically  offer  four  to  24  Fast  or 
Gigabit  Ethernet  ports.  The  mod¬ 
ules  occupy  a  slot  in  a  blade  serv¬ 
er  chassis,  providing  interconnec¬ 
tivity  for  server  blade  nodes  or 
connections  to  network  devices 
outside  the  blade  server  chassis. 
This  latter  role  is  more  prevalent, 
as  server  vendors  integrate  Ether¬ 


The  switch/ 
blade  fold 

Ethernet  technology 
vendors  that  are  members 
of  the  Blade.org  blade 
server  special  interest 
group  include: 

Company 

Connectivity 

technology 

Broadcom 

Ethernet  silicon  and 
components 

Intel 

Ethernet  silicon  and 
components 

Myricom 

High-speed 

interconnects 

Nortel 

LAN  switch  blade  models 

Tehuti 

Networks 

Ethernet  silicon  and 
components 

net  as  the  backplane  fabric  tech¬ 
nology  connecting  server  blades 
internally  in  a  self-contained  LAN. 

One  expert  says  installing  LAN 
switch  blades  into  a  blade  server 
chassis  is  a  logical  continuation  of 
the  blade  server’s  main  role:  con¬ 
solidation. 

“Instead  of  having  lots  of  boxes 


stacked  up,  you  have  one  chassis 
in  which  you  put  in  many  CPU 
blades,”  says  Dan  Golding,  a 
Burton  Group  analyst.  “To  tie  to¬ 
gether  what  are  essentially  com¬ 
puters, you  need  some  kind  of  net¬ 
work  backplane.  That’s  what  you 
get  out  of  having  an  integrated 
Ethernet  switch.” 

Analyst  firms  do  not  break  out 
shipments  of  Ethernet  ports  as 
blade  server  switch  modules,  so 
the  size  of  this  sub-market  is  hard 
to  gauge.  Nortel  says  it  has  more 
than  52,000  blade  server  switches 
deployed.The  blade  server  market 
as  a  whole  is  expected  to  reach 
$10  billion  by  2009,  up  from  $2  bil¬ 
lion  last  year,  1DC  says. 

Users  say  putting  switches  inside 
blade  simplifies  cable  manage¬ 
ment  and  provides  more  options 
for  server  failover.  IBM  Blade- 
Center  chassis  used  at  the  North 
Carolina  Department  of  Revenue’s 
data  center  have  Nortel  Layer  2/3 
switch  modules  installed.  The 
Nortel  blade  connects  the  server 
blades  with  redundant  links. 
Dennis  Fox,  network  specialist  for 
the  Department  of  Revenue,  says 
this  is  a  much  easier  configuration 
to  manage  than  handling  linking 
blades  to  an  external  LAN  switch. 


“You  might  as  well  just  have 
racks  of  1U  [single-rack-unit] 
servers  if  you’re  going  to  do  that.” 

While  Nortel  distances  itself 
from  the  blade  server  market  with 
its  new  spinoff,  Cisco  appears  to 
be  reaching  for  a  hold  in  blade 
server  chassis  with  its  recent  Dell 
partnership  and  last  year’s  acqui¬ 
sition  of  TopSpin,  which  offers 
Fiber  Channel  storage  blades  for 
IBM  blade  severs. 

Industry  observers  say  convert¬ 
ing  network  service  modules  into 
blade  server  cards  would  take 
away  from  network  vendors’  core 
business:  selling  large  chassis 
filled  with  high-function  line 
cards.  Plus,  switch  vendors  say 
customer  demand  is  not  there  yet. 

“When  [customers]  go  to  a 
large  blade  server  implementa¬ 
tion,  they  still  prefer  to  have  our 
box  outside  the  blade  chassis 
itself,”  said  F5  Networks  CEO  John 
McAdam  in  a  previous  interview. 
F5  makes  blades  that  run  its  load 
balancing,  traffic  acceleration 
and  security  features  on  blades 
for  HP  and  IBM  chassis.  Our  cus¬ 
tomers  spent  much  more  money 
on  us  with  products  that  sit  out¬ 
side  the  blade  chassis  than 
inside,”  McAdam  said.  ■ 


Analysts:  Juniper  could  be  doing  better 


BY  JIM  DUFFY 

BURLINGAME,  Calif., — Juniper  emphasized 
its  laser-like  focus  as  a  core  component  of  its 
success  over  the  past  10  years  —  but  attendees 
of  the  company’s  annual  Analyst  Day  say  it 
may  have  to  defocus  a  bit  in  order  to  land 
more  deals  and  regain  market  share. 

Juniper  kicked  off  its  conference  last  week 
with  press  releases  extolling  its  position  as  the 
overall  No.  2  enterprise  and  service  provider 
router  vendor,  behind  longtime  leader  Cisco. 
One  release,  citing  market  share  data  from 
Synergy  Research,  boasted  that  Juniper  has 
achieved  an  impressive  30%  share  in  high-end 
enterprise  routing. 

But  such  back  patting  didn’t  sway  skeptical 
analysts,  who  grilled  company  executives  on 
share  recently  lost  to  Alcatel  in  carrier  edge 
routing;  Juniper’s  lack  of  systems  integration 
expertise  for  hot  new  markets  such  as  IP  TV; 
the  absence  of  Ethernet  switching  products  for 
aggregation  at  the  carrier  edge;  and  expand¬ 
ing  its  presence  in  the  enterprise  market. 

"They’re  growing  revenue  but  losing  busi¬ 
ness,”  said  Ron  Westfall,  an  analyst  at  Current 
Analysis.  Product  and  proficiency  gaps  are 
“lessening  its  ability  to  close  more  deals.” 


Some  of  those  deals  are  going  to  Alcatel, 
whose  market  share  in  IP  edge  aggregation 
routing  has  shot  up  from  9.2%  in  the  second 
quarter  of  2005  to  25.6%  in  the  fourth  quarter, 
according  to  Synergy  Research.Alcatel  has  dis¬ 
placed  Juniper  as  the  No.  2  vendor  in  IP  edge 
aggregation  routing,  Synergy  says. 

Analysts  pointed  to  a  three-pronged  strategy 
for  Alcatel’s  success:  an  Ethernet  aggregation 
switch  to  couple  with  an  IP  service  router  for 
IP  TV  deployments;  a  deep  IP  TV  partnership 
with  Microsoft;  and  systems  integration  exper¬ 
tise  to  unite  all  the  components  of  an  IP  TV 
buildout.  They  suggested  Juniper  will  have  to 
attain  —  or  obtain  —  similar  capabilities  in 
order  to  compete  with  Alcatel  and  the  recent 
marriage  of  Cisco  and  Scientific-Atlanta  for 
multibillion-dollar  IP  TV  deals. 

Juniper  countered  by  saying  that  the  two 
largest  IP  TV  networks  in  the  world  are 
deployed  by  service  providers  PCCW  and 
FastWeb,  both  of  which  are  Juniper  M-series 
and  E-series  router  customers.  Those  products 
are  therefore  “the  most  production  proven”  for 
IP  TV  applications,  said  Judy  Beningson,  vice 
president  of  strategy  and  planning  for  Juniper’s 
service  provider  business. 


Juniper  espouses  an  IP  video  architecture 
that  relies  more  on  the  dynamic  bandwidth 
allocation  capabilities  of  a  router  —  Juniper’s 
E320  router  —  than  on  the  static  assignments 
of  Gigabit  Ethernet  aggregation  switches.  But 
when  asked  for  a  status  report  on  the  E320’s 
traction  in  the  market,  Rerdikou  said  only  that 
the  router  is  “solid”  and  “takes  a  long  time”  to 
penetrate  the  market. 

Analysts  noted  that  Juniper  partner  Lucent’s 
intention  to  acquire  the  assets  of  metropolitan 
Ethernet  router  vendor  Riverstone  under¬ 
scored  the  hole  in  Juniper’s  product  line. 
Lucent  resells  Juniper  routers  but  partnered 
with  Riverstone  last  year  for  carrier  voice, 
video  and  data  over  a  single  telephone  line,  or 
triple  play,  opportunities  because  Juniper 
lacked  Ethernet  switching  and  its  low  prices. 

Juniper  dismissed  the  perception  that  it 
needed  Ethernet  switching  and  aggregation 
products  to  better  compete  in  the  triple 
play/IP  video  opportunities. 

“Ethernet  is  not  an  architecture,”  said  CEO 
Scott  Kriens.  “Ethernet  is  an  interface.  Source 
and  destination  intelligence  [housed  in 
routers]  will  be  increasingly  accessed  through 
Ethernet  interfaces.”® 
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To  register  now  or  for  more  information,  visit  www.snwusa.com/nww 


For  sponsorship  opportunities,  call  Ann  Harris  at  508-820-8667  or  Amy  McLellan  at  508-820-8518 
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provides  a  road  map  to 
where  things  are  going  ...” 


Ralph  C.  Barber 
Chief  Technology  Officer, 
Holland  &  Knighf  LLP 


Learn  How  to  Achieve 
Storage  Networking  Success 

•  Get  a  Contemporary  Overview  of  Today’s  Storage  Networking 
Issues  and  Opportunities 

•  See  How  to  Implement  and  Deploy  the  Latest  in  Storage 
Networking  Technologies 

•  Hear  the  Latest  in  Enterprise  Security 

•  Learn  from  Best  Practices  and  Case  Studies 


Why  You  Should  Attend 

Are  you  responsible  for  managing  your  company's  data  center  assets?  Want  to 
exchange  innovative  ideas  and  strategies  with  other  executives  who  share  the  same 
objectives?  Then  attend  Storage  Networking  World,  where  you’ll  network  with  and 
learn  from  renowned  experts  and  the  nation's  top  user  executives. 


^-SNIA 


STORAGE 

NETWORKING 

WORLD 


COMPUTERWORLD 


Co-Owned  and  Endorsed  by 

^sSNIA 

Co-Owned  and  Produced  by 

COMPUTERWORLD 


What  You’ll  Learn 

In  this  executive-forum  setting,  you'll  hear  directly  from  executives  and  managers  in 
user  companies.  They'll  address  a  wide  variety  of  today’s  burning  issues  like: 


Selecting  and  Deploying  Storage 
Networks 

Advancing  the  Data  Center 
and  its  Infrastructure 

Storage  Security 

Managing  Storage  Networking 
Technology 

Enterprise  Business  Applications 
and  Databases 

Deploying  and  Managing  Storage 
Networking  Solutions  to  Meet 
Industry  Regulations 


CXO  Insights 

Managing  Deployment  of  Existing 
and  Emerging  Technologies 

Critical  and  Emerging  Technology 
Topics 

High  Performance  Data  Storage 
Applications 

Deploying  and  Managing  Storage 
Networking  for  Small/Medium 
Business 


HSee  SNW’s  Solutions  Center 

No  other  storage  event  gives  you: 

•  SNIA  member  companies  and  systems  integrators 
collaborating  on  integrated  technology  and  business 
application  solutions.  New  in  April:  “Technology  Showcase” 
•The  opportunity  to  meet  leading  experts  and  engineers 
•  Featuring  “Hands  On  Lab”  Program 


=  Storage  Analyst  Briefing 

In  this  fast-paced  session,  I  DC’s  top  storage  analysts  will 
examine  companies’  growing  interest  in  deploying  tiered 
storage  solutions  and  assess  its  impact  on  storage  compo¬ 
nents,  systems,  networks,  management  and  services. 


For  more  information  and  to  register,  visit  www.snwusa.com/nwwor  call  1-800-883-9090 


For  more  information  and  to  register,  visit  www.snwusa.com/nwwor  call  1-800-883-9090 


Conference  At-a-Glance  (subject  to  change) 


For  details,  updates,  and  to  register  visit  www.snwusa.com/nww 


MONDAY,  APRIL  3 


Registration  Open  8:00am  -  7:30pm 


9:30am  -  1 1 :55am 
1 1 :55am  -  1 :00pm 
1 2:00pm  -  5:00pm 
1 :00pm  -  5:25pm 
1 :00pm  -  5:25pm 
4:40pm  -  6:1 5pm 
5:00pm  -  7:00pm 
7:00pm  -  9:00pm 


Concurrent  Sessions  (Primer,  Career  Development,  SNIA  Tutorials,  etc.) 
Luncheon 

Pre-Conference  Golf  Outing 
I  DC  Analyst  Briefing 

Concurrent  Sessions  (SNIA  Tutorials,  End-User  Case  Studies,  etc.) 

End  User  Town  Hall  Meeting 

Speed  Dating  with  I  DC:  A  Channel  Partner  Networking  Event  at  SNW 
Welcome  Reception 


TUESDAY,  APRIL  4 


Registration  Open  7:00am  -  7:00pm 


7:00am  -  8:00am 
8:00am  -  1 2:30pm 
1 2:45pm  -  2:00pm 
2:1  Opm  -  5:40pm 
5:40pm  -  8:40pm 


Breakfast 

General  Conference  Sessions 
Luncheon 

Concurrent  Sessions  (SNIA  Tutorials,  End-User  Case  Studies,  etc.) 
Expo  with  Dinner  and  Solutions  Center 


WEDNESDAY,  APRIL  5 


Registration  Open  7:00am  -  6:30pm 


7:1 5am  -  8:1 5am 
8:15am  -  12:15pm 
1 2:1 5pm  -  2:00pm 
12:15pm  -  7:15pm 
2:10pm  -  5:40pm 
4:00pm  -  7:00pm 
7:00pm  -  9:30pm 
9:30pm  -  1 1 :00pm 


Breakfast 

General  Conference  Sessions 
Expo  with  Luncheon 
Solutions  Center  Open 

Concurrent  Sessions  (SNIA  Tutorials,  End-User  Case  Studies,  etc.) 
Expo  and  Solutions  Center  Open 
Gala  Evening  with  Dinner  and  Entertainment 
Post-Gala  Reception 


THURSDAY,  APRIL  6 _  _ Registration  Open  7:30am  -  10:00am 

7:30am  -  8:30am  Breakfast 

8:30am  -  12:00pm  Concurrent  Sessions  (SNIA  Tutorials,  End-User  Case  Studies,  etc.) 
12:00pm  Conference  Concludes 


“...a  high  quality,  low  fluff 
conference...” 


Jay  Brummett 
Chief  Technology  Officer, 
Information  Technology, 
CIO  of  Ogden,  Utah 


V'%SNIA 

Attend  SNIA-Certified 
Training  Programs  at  SNW 


The  Steele  Canyon 
Golf  Club 

Yamul,  California 


Pre-Conference  Golf  Outing 

Complimentary  for  Registered  IT  End-Users 

The  Pre-Conference  Golf  Outing  at  The  Steele  Sponsored  by: 

Canyon  Golf  Club,  is  complimentary  for  registered  Quantum 
IT  End-Users  (other  participants,  including  sponsors 
and  vendors,  may  play  on  an  “as  available"  basis  and  are 
responsible  for  all  applicable  golf  outing  expenses). 

For  details  contact  Duncan  Newell  at  1-508-271-8029 


Manchester  Grand  Hyatt 

San  Diego,  California 


■■■■■■■■ 


Hotel  Reservations  and  Travel  Services 


Global  Odysseys  is  the  official  travel  company 
for  Storage  Networking  World.  They  are  your 
one-stop  shop  for  exclusive  discounted  rates  on 
hotel  accommodations. 


Global  Odyfiaeys 


To  reserve  your  accommodations,  visit:  www.etcentral.com 
You  can  also  call  our  conference  housing  line  at:  1-888-254-1597 
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Application  for  Conference  Registration 

Fax  this  completed  application  to  1-508-820-8254  or  apply  online  at  www.snwusa.com/nwvi 


Your  business  card  is 
REQUIRED 

to  process  your  application 

Please  affix  your  business  card  to  this  space  prior  to 
submitting  your  application.  Applications  submitted 
without  business  cards  will  not  be  processed. 

Questions?  Call  1-800-883-9090 


If  not  indicated  on  your  business  card, 
please  provide  the  following  required 
information: 


Corporate  Email  Address 


Corporate  Website 

Registration  questions? 

Call  1  -800-883-9090  or  email 
snwreg@computerwor1d.com 

Need  accommodations? 

Reserve  them  at:  www.etcentral.com 

Or  call  1-888-254-1597 
or  email:  eventhousing@globalodysseys.com 


Please  check  ONE  of  the  following: 

Earlybird  Registration  (through  February  20,  2006) 

Full/Onsite  Registration  (after  February  20,  2006) 

□ 

1  am  an  IT  End-User* 

(Complete  Attendee  Profile  below) 

□  $1,290  General  Conference  Package 

(includes  General  Conference,  plus  Technical  and  Business  Tracks, 

SNIA-produced  Tutorials,  SNIA-Certification  "Test-Ready"  Courses) 

□  $1,690  General  Conference  Package 

(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 

*  IT  End-Users  are  defined  as  those  who  are  attending  Storage  Networking  World  with  an  intent  (and  an  IT  spending  budget)  to  potentially  buy/lease  hardware/software/services,  etc.  from  our  conference  sponsors  2 
are  not  themselves  an  IT  vendor.  As  such,  account  representatives,  business  development  personnel,  analysts,  consultants  and  anyone  else  attending  who  does  not  have  IT  purchasing  influence  within  their  organizat 
are  excluded  from  the  “IT  End-User"  designation.  Interpretation  and  enforcement  of  this  policy  are  at  the  sole  discretion  of  Computerworld. 


Attendee  Profile:  This  section  MUST  be  completed  by  IT  End-Users  and  Channel  Partners/Integrators/Consultants  only  (optional  for  all  other  registrations)  in  order  to  process  your  application. 


Your  Business/Industry 

□  Non-Tech:  Advertising/Marketing/PR/Media  (Publishing, 
Broadcast  Online) 

□  Non-Tech:  Agriculture/Forestry/Fisheries 

□  Non-Tech:  Education 

□  Non-Tech:  Finance/Banking/Accounting 

□  Non-Tech:  Government  -  Federal  (including  Military) 

□  Non-Tech:  Healthcare/Medical/Pharmaceutical/Bio-Tech 

□  Non-Tech:  Insurance/Real  Estate/Legal 

□  Non-Tech:  Manufacturing  &  Process  Industries 

□  Non-Tech:  Mining/Oil/Gas 

□  Non-Tech:  Retailer/Wholesaler/Distributor 

□  Non-Tech:  Transportation/Utilities  (Energy,  Water,  etc.) 

□  Non-Tech:  Travel/Hospitality/Entertainment/Recreation 

□  Non-Tech:  Other _ 

□  Tech:  Communication  Carriers 
(ISP,  Telecom,  Data  Comm  Cable) 

□  Tech:  Manufacturing  -  Hardware/Software 

□  Tech:  Service  Provider  (MSP,  BSP,  ASR  ESP,  Web  Hosting) 

□  Tech:  Other _ 


Your  Job  Title/Function: 

□  IT  Management:  CIO,  CTO,  CSO 

□  IT  Management:  Director 

□  IT  Management:  Manager 

□  IT  Management:  Technical  Consultant 

□  IT  Management:  VP 

□  Business  Management:  CEO,  COO,  Chairman,  President 

□  Business  Management:  Other  Corporate,  Business 
Manager 

□  Other:  Non-Manager 

What  is  the  one  item  that  best  describes  your 
involvement  in  the  IT  purchase  process? 

□  Authorize/Approve  Purchase 

□  Set  Budget  for  Expenditures 

□  Evaluate/Recommend  Products,  Brands 

□  Determine  Need  to  Purchase 

□  All  of  the  above 

□  None  of  the  above 


Number  of  employees  in  your  entire  organization 
(ALL  locations) 

□  Over  20,000 

□  10,000-  19,999 

□  5,000  -  9,999 

□  1,000-4,999 

□  500  -  999 

□  100-499 

□  50  -  99 

□  Less  than  50 

What  is  your  organization's  annual  IT/IS  budget 
for  all  IT/IS  products? 

□  $1  Billion  or  more 

□  $500  to  $999.9  Million 

□  $100  to  $499.9  Million 

□  $50  to  $99.9  Million 

□  $10  to  $49.9  Million 

□  $1  to  $9.9  Million 

□  $500,000  to  $999,999 

□  $250,000  to  $499,999 

□  $100,000  to  $249,999 

□  Under  $100,000 

□  None 


What  is  the  estimated  annual  revenue  of 
your  entire  organization? 

□  Over  $  1 0  Billion 

□  $  1  Billion  -  $9.9  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million  -  $499  Million 

□  Less  than  $  1 00  Million 

Would  you  like  to  receive  information  about  playing 
the  golf  outing  on  Monday,  April  3rd? 

□  Yes 

□  No 

Do  you  need  hotel  accommodations? 

□  Yes  (please  visit  www.etcentral.com  to  reserve) 

□  No 

Would  you  like  to  receive  a  complimentary 
subscription  to  Computerworld? 

□  Yes 

□  No 

Signature  Batl 


I~1  I  am  a  Channel  Partner/ 
Integrator/Consultant 

(Complete  Attendee  Profile  above) 


□  $3,000  General  Conference  Package  (through  2/20/06) 

(includes  General  Conference;  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA  Certification  "Test-Ready"  Courses) 


□  $3,500  General  Conference  Package  (after  2/20/06) 
(includes  General  Conference;  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA  Certification  “Test-Ready"  Courses) 


By  participating  in  SNW’s  Channel  Partner/Integrator  registration  package,  registrants  may  enjoy  the  following  benefits:  One  company  representative  may  receive  a  full  conference  pass  to  SNW  Spring 
2006;  additional  company  representatives  pay  the  prevailing  rate  for  full  conference  passes;  company  may  invite  up  to  five  IT  User  customers  to  attend  SNW  Spring  (IT  Users  must  be  strictly  compliant  wii 
IT  User  definition  on  the  supplied  registration  form). 


D  My  company  is  Sponsoring/ 
Exhibiting  at  SNW 


□  $1,290  General  Conference  Package (thro-Ugh  2/20/06) 
(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 


□  $1,690  General  Conference  Package  (after  2/20/06) 
(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 


As  a  sponsor,  you  may  be  eligible  to  attend  using  a  registration  provided  with  your  sponsorship.  (If  those  registrations  have  already  been  assigned/used,  then  you  may  register  at  the  prevailing  rates  above. 
See  the  current  list  of  sponsors  at  www.snwusa.com.  Questions?  Call  1-800-883-9090  or  email  snwreg@computerworld.com. 


□  I  am  a  representative  of  a  Non-Sponsoring  IT  Vendor  Company 

□  $5,000  Business  Development  Professional  Package  for  Sales,  Marketing 
and  Business  Development  Professionals  (includes  General  Conference  Sessions,  Expo,  Meals  & 
Receptions) 

Vendors  are  encouraged  to  participate  in  Storage  Networking  World  through  sponsorship.  (Details  are 
available  by  calling  Ann  Harris  at  508-820-8667.)  Alternatively,  vendors  (as  well  as  other  “non-IT  end-user" 
professionals  as  defined  by  Computerworld),  may  apply  for  registration  at  the  "non-sponsoring  vendor"  rate 
of  $5,000.  Determination  of  what  constitutes  a  “non-sponsoring  vendor"  registration  is  made  exclusively 
by  Computerworld.  Please  call  888-239-4505  with  questions. 


□  I  am  a  Financial/Equity  Analyst  and/or  Venture  Capital  Professional 

□  $1,290  (through  February  20,  2006)  O  $1,690  (after  February  20,  2006) 

General  Conference  Package  General  Conference  Package 

(includes  General  Conference  Sessions,  Expo,  (includes  General  Conference  Sessions, 
Meals  &  Receptions)  Expo,  Meals  &  Receptions) 


□  I  am  a  qualified  member  of  the  press.  I  can  verify  my  press  credentials. 
Press  should  call  Lisa  Langsdorf  at  Trylon  Communications,  212-725-2295,  to  register. 


Payment  Method 

□  Check 

(checks  must  be  received  by  March  1 3,  2006  payable  to:  Computerworld) 

Mail  to:  Computerworld,  Attn:  Josh  Ryan,  One  Speen  Street,  Framingham,  MA  01701 

□  American  Express  □  VISA  □  MasterCard 

Account  Number: _ 

Expiration  Date: _ 

Card  Holder  Name: _ 

Signature  of  Card  Holder: _ 

Cancellation  Policy  (All  of  the  following  require  written  notification  by  March  13, 2006.) 

In  the  event  of  cancellation,  the  registrant  has  three  options: 

1 )  He  or  she  may  substitute  another  attendee  for  this  conference. 

2)  He  or  she  may  transfer  this  registration  to  the  Storage  Networking  World  Fall  2006  conference 

3)  The  registration  fee  will  be  refunded,  less  a  $250  service  charge  (if  written  notice  is  received  by  March  1 3. 2006). 
Please  send  cancellation  requests  via  email  to:  snwreg@computerworld.com 


Please  fax  this  completed  application  to  1-508-820-8254 
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MET  INFRASTRUCTURE 

i-  SECURITY  SWITCHING  M  ROUTING  BVPNS  « BANDWIDTH  MANAGEMENT  SVOIP  B  WIRELESS  LANS 


tort  Takes 


■  Aventail  last  week  rolled  out  an 
SSL  VPN  package  for  Macintosh  and 
Linux  platforms.  Aventail  Connect 
Tunnel  for  Mac  and  Linux  gives 
Macintosh  and  Linux  users  two  se¬ 
cure,  remote  access  options:  Connect 

.  Tunnel,  a  lightweight  agent  for  net¬ 
work  application  access  and  work¬ 
place  access;  and  clientless  browser 
access  for  Web  applications  and  file 
share  access.  The  package  supports 
a  range  of  Macintosh  and  Linux 
browsers,  including  Safari,  Firefox, 
Mozilla  and  Microsoft  Internet  Ex¬ 
plorer.  The  full  release  is  scheduled  to 
be  available  in  the  second  quarter  as 
software  upgrades  for  existing  hard- 

.  ware  products.  A  preview  release  is 
scheduled  to  be  available  later  this 
month.  These  access  options  are 
included  in  the  base  license  price  of 
the  EX-2500  and  EX-1500,  Aventail's 
enterprise-class  appliances.  For  the 
EX-750,  Aventail's  SSL  VPN  appliance 

.  for  small  and  midsize  businesses, 
Connect  Tunnel  is  an  add-on  starting 
at  $995. 

■  ConSentry  announced  last  week 
its  LAN-access  protection  appliance 
works  with  Cisco  and  Check  Point 
schemes  for  scanning  computers 
before  they  gain  access  to  networks 
to  make  sure  they  are  configured  to 
meet  security  policies.  With  a  new 
release  of  Secure  LAN  Controller 
software,  the  ConSentry  devices  will 

■  support  Cisco’s  Trust  Agent,  which 
reads  whether  PCs  are  running 
updated  anti-virus  software  from 
Network  Associates,  Symantec  and 
Trend  Micro. This  is  part  of  Cisco’s 
Network  Admission  Control  program 
to  limit  or  deny  network  access  to 
endpoints  that  fail  corporate  configu¬ 
ration  standards.  For  an  extra  fee, 
ConSentry's  LANShield  2.0  software 
will  also  support  Check  Point’s  Integ¬ 
rity  software,  which  sends  a  Java 
agent  to  remote  machines  to  scan  for 
anti-virus  software,  critical  patches, 
updated  versions  of  programs  and 
prohibited  programs.  It  can  deny 
cess  if  a  PC  is  found  noncompliant. 
oport  for  Integrity  in  LANShield  2.0 
is  $3,000  per  appliance. 


Security  issues  debated 

Experts  say  security  products,  implementations  need  to  improve  drastically. 


BY  CARA  GARRETSON 

A  panel  discussion  involving  a  group  of 
experts  held  during  Demo  ’06  in  Phoenix 
earlier  this  month  concluded  that  the  state 
of  security  is  not  where  it  should  be.  Luckily 
the  panelists  also  had  suggestions  on  how 
to  improve  it. 

During  the  conference,  which  is  owned 
by  Network  World,  former  IBMer  and  con¬ 
sultant  John  Patrick  called  together  a  panel 
of  industry  and  academic  figures  to  answer 
the  question:  Will  the  good  guys  be  able  to 
stay  ahead  of  the  bad  guys?  But  first  Patrick 
asked  the  panel  to  assess  the  current  state 
of  security  and  the  responses  showed  that 
the  good  guys  aren’t  necessarily  ahead  of 
the  bad  guys. 

“The  state  of  security  is  terrible  . . .  abso¬ 
lutely  abysmal,”  said  Hilarie  Orman,  former 
research  scientist  and  one-time  member  of 
Defense  Advanced  Research  Projects 
Agency’s  Information  Technology  Office. 
She  now  is  CTO  and  vice  president  of  engi¬ 
neering  with  Shinkuro,  which  makes  file¬ 
sharing  software.  “It’s  difficult  to  argue 
there’s  a  good  state  of  security  right  now” 

Another  panelist  reminded  the  audience 
that  there’s  no  such  thing  as  perfect  security 
“It’s  a  cat  and  mouse  game  [that  the  indus¬ 
try  plays  with  hackers] ,  but  we  need  to 
bring  [the  threat]  down  to  a  level  where  we 
can  live  with  it,”  said  Partha  Dasgupta,  an 
associate  professor  with  Arizona  State 


University’s  Fulton  School  of  Engineering. 

The  good  news,  according  to  the  third 
panelist,  is  at  least  the  industry  and  users 
are  beginning  to  think  about  security  En¬ 
terprise  and  consumer  products  need  to 
find  a  balance  between  being  secure  and 


being  useful,  said  Charles  Palmer,  manager 
of  the  security  networking  and  privacy  de¬ 
partments  at  IBM’s  Thomas  J.  Watson  Re¬ 
search  Center. 

“If  [security]  makes  the  system  really  hard 

See  Security,  page  18 


CA  set  to  tackle  Web  services  security 


BY  ROBERT  MCMILLAN,  IDG  NEWS  SERVICE 

CA  is  readying  software  designed  to 
help  secure  and  manage  systems  using 
Web  services  software. 

The  product,  expected  by  the  middle  of 
this  year,  will  fuse  the  company’s  eTrust 
Transaction  Minder  and  Unicenter  Web 
Services  Distributed  Management 
(WSDM)  software,  and  will  add  new  fea¬ 
tures  to  enhance  XML  security  says  Toby 
Weiss,  senior  vice  president  and  general 
manager  of  CA’s  Security  Management 
business  unit. 

Code-named  Project  SOA,  the  software 
has  been  in  development  for  nine 
months.  CA  will  probably  work  with  other 
companies  to  deliver  it  in  a  preconfig¬ 
ured  hardware  appliance,  Weiss  says. 
“We’re  definitely  going  to  have  a  software 


version,  and  we’re  working  with  some 
hardware  partners  now,”  he  says. 

CA  has  already  integrated  its  Web  ser¬ 
vices  products  with  appliances  from  ven¬ 
dors  such  as  Layer  7  Technologies  and 
Forum  Systems. 

With  companies  beginning  to  bring 
Web  services  online,  customers  are  look¬ 
ing  for  tools  that  can  help  them  thwart 
potential  attacks  and  ensure  that  the  Web 
services  are  used  only  by  authorized 
users  and  applications, says  Jason  Bloom¬ 
berg,  a  senior  analyst  with  ZapThink. 

“The  Unicenter  WSDM  product  is  a  rea¬ 
sonably  mature  product  for  Web  services 
management,  and  Transaction  Minder 
was  gaining  some  traction  in  the  Web  ser¬ 
vices  security  space  at  the  time  that  CA 
acquired  Netegrity,”  Bloomberg  says. 


“These  are  the  two  leading  SOA  products 
that  CA  offers,  so  it  makes  sense  for  them 
to  be  together.” 

CA  completed  its  $400  million  purchase 
of  software  vendor  Netegrity  in  Novem¬ 
ber  2004,  and  has  been  working  since 
then  to  integrate  the  company’s  identity 
management  products  with  the  rest  of  its 
product  line. 

Project  SOA  fits  into  CA’s  broad  plan  to 
extend  its  management  products  to  help 
IT  managers  set  security  policies,  Weiss 
says. 

“Web  services  are  coming  on  the  scene 
in  a  major  way.  All  companies  are  imple¬ 
menting  them  in  some  form  or  another. 
Even  if  they  don’t  know  it,  they’re  buying 
software  off  the  shelf  that’s  implementing 
Web  services.”  ■ 


At  Demo  '06,  moderator  John  Patrick,  far  left,  discussed  the  state  of  security  with  panelists 
Partha  Dasgupta,  Hilarie  Orman  and  Charles  Palmer. 
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Space  invaders:  You  and  WIPS 

It  is  only  recently  that  vendors  have 
begun  delivering  products  to  help  deal 
with  intrusions  carried  out  over 
wireless  LANs. 


TOLLY  ON  TECHNOLOGY 


Kevin  Tolly 


If  your  lot  in  life  —  your  IT  life, 
that  is  —  centers  on  security,  you 
may  be  many  things,  but  bored 
and  unchallenged  are  not 
among  them.  It  is  a  given  that 
security  is  an  essential  element 
of  virtually  every  component  of 
IT.  If  only  it  were  equally  true  that 
detailed  knowledge  acquired  in 
one  area  of  security  could  easily 
be  applied  in  others. 

Although  many  network  man¬ 
agers  have  spent  recent  years  im¬ 
plementing  intrusion-prevention 
system  (IPS)  solutions  to  harden 
their  wired  networks,  it  is  only 
recently  that  vendors  have  begun 
delivering  products  to  help  deal 
with  space  invaders  —  intrusion 
threats  carried  out  over  wireless 


LANs  (WLAN). 

And,  although  the  attackers’ 
goals  are  the  same,  the  nature  of 
WLANs  means  radically  different 
approaches  are  required  to  pro¬ 
tect  those  LANs.  Furthermore, 
there  is  no  consensus  among  ven¬ 
dors  on  what  those  approaches 
should  be. 

To  make  an  effective  buying 
decision  for  wireless  IPS  you 
need  to  understand  both  the 
challenges  and  the  possible 
solutions. 

Compared  with  the  job  that 
wireless  IPSs  have  to  handle, 
their  wired  brethren  have  it  easy. 
Wired  IPS  devices  intercept 
traffic  as  it  attempts  to  cross  the 
perimeter  of  the  network.  There 
is  no  question  about  where  the 
intrusion  attempt  originated. The 
IPS  knows  exactly  which  port 
the  traffic  came  in  on.  Similarly, 
stopping  the  intrusion  is  simply 
a  matter  of  filtering  out  —  dis¬ 
carding  —  the  traffic  deemed  to 
be  a  threat. 

A  key  enabler  of  WLAN  intru¬ 


sion  is  the  rogue  access  point. 
This  is  a  normal  access  point  that 
has  been  plugged  into  the  net¬ 
work  by  someone  other  than  the 
IT  department.  Once  in  place,  not 
only  can  unauthorized  WLAN 
devices  inside  the  company 
interact  with  the  corporate  LAN, 
but  so  can  other  WLAN  devices 
within  signal  range  outside  the 
company 

Thus,  rooting  out  rogue  access 
points  is  typically  Job  No.  1  for 
most  wireless  IPSs.  Consequently 
that  task  became  Test  No.  1  of  a  re¬ 
cent  vendor-commissioned  vali¬ 
dation  study 

The  study  revealed  that  the 
ability  of  a  wireless  IPS  to 
detect  rogues  is  influenced  by 
whether  they  are  on  the  same 
or  different  virtual  LANs  as  the 


wireless  IPS,  whether  Wired 
Equivalent  Privacy  is  on  or  off, 
and  a  host  of  other  factors. 
Rogue  access  point  detection  is 
not  just  a  yes-  or  no-  item  on  a 
checklist. 

Once  rogue  access  points  are 
detected,  it  is  a  challenge  to  iso¬ 
late  and  remove  clients  be¬ 
cause  the  wireless  IPS  is  not  in 
the  physical  data  path  of  the  ac¬ 
cess  point. 

The  wireless  IPS  typically  has  to 
send  the  equivalent  of  reset  com¬ 
mands  to  attempt  to  disconnect 
the  intruding  users  of  the  rogue 
access  point  from  the  network.  No 
IEEE  committee  dictates  how  this 
is  to  be  done. Vendors  do  it  differ¬ 
ently  and  with  different  levels  of 
effectiveness. 

Access  points  connected  out¬ 


side  the  confines  of  the  corpo¬ 
rate  environment  can  represent 
an  equally  potent  risk. XP’s  WLAN 
“Zero  config”  feature  lets 
machines  automatically  seek  out 
an  accessible  access  point  and 
begin  communications  without 
configuration. 

Should  a  legitimate  corporate 
client  “mis-associate”  with  an 
access  point  outside  the  corpo¬ 
rate  network,  the  wireless  IPS 
needs  to  spring  into  action.  It 
wouldn’t  take  long  for  sensitive 
information  to  flow  across  that 
connection  and  be  swiped  by  a 
hacker. 

This  situation  points  to  the  need 
for  a  wireless  IPS  even  if  you 
haven’t  implemented  WLANs 
internally,  because  all  of  your 
new  notebooks  have  built-in 
wireless. 

Tolly  is  president  of  The  Tolly 
Group,  a  strategic  consulting  and 
independent  testing  company  in 
Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


Security 

continued  from  page  17 

to  use  or  is  done  wrong, you’ve  got  a  brick,” 
he  said. 

One  possible  solution  to  the  recent  rash 
of  identity  theft  is  biometrics,  in  which  com¬ 
puters  scan  a  finger,  face, retina  or  other 
part  of  the  body  and  save  that  image  for  au¬ 
thentication.  The  problem  with  biometrics, 
agreed  the  panel,  is  that  once  a  thief  learns 
how  to  reproduce  a  fingerprint,  the  owner 
can’t  change  the  original. 

Technology  is  being  developed  that 
doesn’t  take  a  picture  of  the  finger  but 
some  small  measurements  of  the  finger’s 
characteristics,  said  Palmer,  who  added  that 
4%  of  people  can’t  produce  good  finger¬ 
prints  and  that  pineapple  juice  can  tem¬ 
porarily  remove  a  person’s  fingerprint. 

Another  promising  area  is  challenge- 


The  road  to  better  security 

Looking  for  better  security  solutions?  Need  an 
integrated  strategy?  Attend  a  Network  World  IT 
Road  Map  event  coming  to  Boston,  Chicago,  Dallas 
and  the  Bay  Area.  One  day,  six  tracks  and  40  IT 
all-stars,  analysts,  vendors  and  user  case  studies 
ready  to  work  for  you.  Qualify  to  attend  free. 
DocFInasr:  2024 


response  biometrics, Dasgupta  said. Instead 
of  matching  a  spoken  word  or  phrase  to 
one  previously  recorded,  the  phrase  is 
changed  every  time  so  a  thief  can’t  record 
the  phrase  and  replay  it  over  and  over  to 
gain  access  to  protected  data.“That’s  much 
more  sophisticated,  and  much  more  com¬ 
plicated,”  he  said. 

Fingerprint  biometrics  are  the  best  bet  at 
the  moment  because  the  technique  has 
been  in  practice  the  longest,  Dasgupta  said. 

Another  technology  that  can  help  im¬ 
prove  security  is  encryption,  the  panelists 
agreed.  However,  most  people  don’t  know 
how  to  use  it  and  even  when  it  is  employed 
it  is  poorly  managed,  Orman  said. 

“Encryption  does  protect  data,”  Orman 
said.  “The  weak  point  in  this  is  almost 
always  key  management.  Even  when  data’s 
been  encrypted  someone  can  find  the  key 
since  key  selection  and  protections  is  so 
bad.  .  . .  Usually  the  key  is  lying  around 
somewhere.” 

“The  problem  is  at  the  endpoints,” 
Dasgupta  added.  “When  you’re  using 
encryption, you  have  to  encrypt  at  one  end 
and  decrypt  at  the  other” 

Another  point  of  agreement  among  panel 
members  was  that  security  needs  to  be  part 
of  an  application  or  operating  system  from 
the  beginning  —  not  an  add-on  or  after¬ 
thought. 

“We  continue  to  build  systems  without 
thinking  about  security  from  the  begin¬ 
ning,”  Palmer  said. 

“What  developers  really  want  is  [a  tool 


that]  looks  at  code  and  tells  you  if  it’s  evil, 
and  that’s  impossible,”  Palmer  added. 

“All  code  is  evil,  let’s  face  it,”  Orman  re¬ 
torted,  drawing  chuckles  from  the  audi¬ 
ence.  “It’s  been  interesting  watching  the 
evolution  of  network  security  protocols; 
it’s  very  difficult  to  change  them”  at  this 
point,  she  said. 


BY  GRANT  GROSS,  IDG  NEWS  SERVICE 

Internet  Security  Systems  last  week  an¬ 
nounced  a  group  of  products  designed  to 
identify  points  of  failure  and  compromise 
on  networks  and  to  respond  quickly  to  net¬ 
work  changes  without  a  need  for  extensive 
network  administrator  interaction. 

The  Proventia  Network  Anomaly  Detec¬ 
tion  System  uses  an  integrated  group  of 
analysis  engines  to  monitor  networks. The 
system  lets  network  administrators  moni¬ 
tor  critical  services  closely,  shut  down  un¬ 
used  or  unauthorized  ports,  and  segment 
networks  to  prevent  the  spread  of  worms, 
1SS  says. 

The  Proventia  Network  Anomaly  Detec¬ 
tion  System  can  be  used  as  a  stand-alone 
ISS  product  or  as  an  integrated  component 
of  ISS’ enterprise  security  platform, the  com¬ 
pany  announced  at  the  RSA  Conference 


Patrick  asked  the  panel  if  mobile  devices 
were  a  particularly  high  security  risk. 
Technically  speaking  they’re  not,  the  panel 
said,  but  it’s  the  way  people  use  them  today 
that  creates  vulnerabilities.  Good  security 
“requires  you  to  take  your  BlackBerry  and 
type  your  password  in  every  time  you  open 
it,”  Palmer  said.  ■ 


2006  in  San  Jose. 

ISS  also  announced  the  Proventia  Net¬ 
work  Enterprise  Scanner,  designed  to  move 
the  company’s  product  line  from  vulnera¬ 
bility  assessment  to  complete  vulnerability 
management  and  protection. The  Proventia 
Network  Enterprise  Scanner  offers  cus¬ 
tomers  automatic  and  continuous  vulnera¬ 
bility  scanning,  including  a  set  of  workflow 
and  reporting  tools. 

The  scanner  is  an  easy-to-install  appli¬ 
ance  with  a  simple  graphical  user  inter¬ 
face,  ISS  says. 

ISS  also  unveiled  a  new  hardware  design 
for  its  intrusion-prevention  technology  ISS’ 
new  Proventia  Network  Intrusion  Pre¬ 
vention  System  is  designed  to  be  easier  to 
use  for  network  administrators  and  marks 
the  company’s  transition  to  custom-built 
appliance  platforms,  the  company  says.B 


Internet  Security  Systems 
bolsters  monitoring  family 


Identity  Driven  Manager 


A  secure,  predictable,  high-performing  network  is  smart  enough 
to  know  exactly  who  its  users  are  whenever  or  wherever  they  connect. 
It  provides  the  right  security  and  performance  settings  for  appropriate 
access  and  greater  network  performance.  This  fundamental  shift  in 
network  management  is  possible  using  Identity  Driven  Manager's 
groundbreaking  technology — built  to  optimize  ProCurve’s  industry 
leading  Adaptive  EDGE  Architecture,"  IDM  makes  networks  more 
secure  while  increasing  irser  productivity. 

To  view  an  informative  video  on  Identity  Driven 
Manager  and  ProCurve  network  management,  visit 
www.hp.com/go/procurveidm3  or  call  (800)  975-7684  Ref.  Code  203. 
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Users  weigh  Exchange  mobile  messaging 


BY  JOHN  COX 

Wary  network  administrators  are  start¬ 
ing  to  evaluate  the  mobile-messaging 
capability  rolled  out  by  Microsoft  via 
Exchange  Server. 

Microsoft’s  long-awaited  push  e-mail  offer¬ 
ing  promises  to  simplify  enterprise  messag¬ 
ing  by  leveraging  the 
Exchange  Server  infrastruc¬ 
ture  already  installed  in  a 
company  (see  graphic).  This 
approach  eliminates  the  need 
for  third-party  software  from 
such  rivals  as  Good  Tech¬ 
nology,  Intellisync  and 
Research  in  Motion,  or  carrier¬ 
messaging  services. 

But  administrators  have 
concerns  about  whether 
Microsoft’s  messaging  can 
match  the  ease  of  use  of 
Research  in  Motion’s  (RIM) 

BlackBerry,  as  well  as  its  net¬ 
work  efficiency.  Some  also 
wonder  when  their  current 
cellular  carriers  will  offer 
Windows  handhelds  that 
can  support  the  Microsoft 
messaging  feature. 

The  Microsoft  mobile- 
messaging  package  consists 
of  Exchange  Server  Service  Pack  2  com¬ 
bined  with  the  Messaging  and  Security 
Feature  Pack  now  bundled  with  the  first 
handheld  devices  running  Windows 
Mobile  5.0.  Dubbed  by  Microsoft  as  Direct 


B  Google  has  acquired  Measure 
Map,  a  company  that  provides 
analysis  of  blog  usage  and  traffic, 
for  an  undisclosed  amount. 

Google  says  it  bought  Measure  Map 
from  its  creator,  Adaptive  Path,  a 
consulting,  research  and  training 
company.  With  Measure  Map,  pub¬ 
lishers  can  track  visits  to  their  blogs 
and  monitor  user  activity.  The  ser¬ 
vice  is  free  but  by  invitation  only. 
Users  can  request  an  invitation  at 
www.rneasuremap.com. 


Push,  the  combination  can  automatically 
send  out  new  e-mail, contact  and  calendar 
information  to  a  handheld  device  over  a 
cellular  network. 

Microsoft  last  week  used  the  3GSM  World 
Congress  in  Spain  to  promote  its  latest 
messaging  efforts,  airing  partnerships 
with  service  providers  such 
as  Cingular  Wireless  and 
T-Mobile  and  hardware  ven¬ 
dors  such  as  HP  and  Fujitsu 
Siemens  (see  www.nww.com, 
DocFinder:  2239). 

Rivals  try  hard 

Exchange  sites  are  already 
deploying  Service  Pack  2,  and 
some  are  talking  with 
Microsoft  and  their  carriers 
about  small  pilots.  At  the  same 
time,  rivals,  including  Good 
Technology  are  trying  to  per¬ 
suade  these  same  sites  to  try 
alternatives,  exploiting  the 
uncertainty  about  RIM’s  long- 
running  legal  battle  over 
patent  infringements. 

Integris  Health  in  Oklahoma 
City  runs  its  corporate  e-mail 
on  Exchange,  but  uses 
BlackBerries  to  give  about  120 
senior  managers  mobile  e-mail.  IT  Architect 
Bruce  Alcock  says  the  healthcare  provider 
will  be  evaluating  the  Microsoft  offering. 

“We  have  some  clinical  applications  that 
run  on  Palm  or  Windows  Mobile  devices, 
but  not  on  the  BlackBerries,”  he  says.“We’re 
looking  to  see  what  we  can  provide  to 
combine  e-mail  and  application  access, 
but  we  don’t  want  the  docs  to  have  to 
carry  two  devices.” 

The  complexity  at  this  stage  is  a  bit  baf¬ 
fling.  As  an  example,  Alcock  says  Palm’s 
new  Treo  700w,  which  runs  the  needed 
Windows  Mobile  5.0, seems  to  be  available 
only  through  Verizon  Wireless.  But  Integris’ 
mobile  carrier  is  Cingular.’The  real  hassle  is 
that  it’s  kind  of  a  jigsaw  puzzle  that  you 
have  to  put  together?’  he  says. 

Lifetime  Products  plans  to  start  testing 
Exchange-based  mobile  messaging  as  soon 
as  it  can  trial  units  from  Cingular, according 
to  John  Bowden,  the  company’s  CIO.  The 
Clearfield,  Utah,  manufacturer  makes  metal 
and  plastic  home  products,  including 
tables,  chairs  and  sheds. 

The  company  has  about  1,000  Ex¬ 


New  handhelds  with 
Windows  Mobile  5.0,  like 
this  Treo  700w  from 
Palm,  let  customers  test 
Microsoft's  Exchange- 
based  mobile  messaging. 


Evaluating  Microsoft’s  push  e-mail 


Possible  benefits: 

Possible  drawbacks: 

•  Simpler  deployment  (no  third-party  server  software  needed). 

•  Not  as  easy  to  use  as 

•  Lower  cost  (no  additional  client  licenses  needed). 

BlackBerry  and  others. 

•  Growing  breadth  of  handhelds  running  Windows  Mobile  5.0. 

•  Incremental  support  costs,  if 
any,  unknown  at  present. 

•  Use  clustering  and  failover  of  Exchange  servers  for  reliable  messaging. 

•  Network  efficiency  may  be  less 
than  rivals,  leading  to  increased 
data  minutes. 

•  Device  and  user  management  via  Exchange  plus  Windows  Mobile  5.0. 

•  Synchronize  Exchange  contact  and  calendar  data. 

change  e-mail  users  worldwide.  But 
Bowden  expects  only  about  150  to  200  of 
them,  mainly  senior  managers,  will  need 
the  new  capability.  Until  now,  Lifetime 
was  using  the  existing  SMS-based  mes¬ 
saging  in  Exchange:  When  a  new  e-mail 
shows  up  on  Exchange  Server,  the  server 
generates  an  SMS  text  message,  sent  to 
the  user’s  smart-phone.  The  message 
alerts  the  user  to  log  on  to  Exchange  for 
the  new  e-mail. 

Bowden  says  this  comparatively  cumber¬ 
some  technique  worked  fine,  as  long  as 
carriers  didn’t  charge  for  SMS  traffic.  “In 
2003,  this  was  a  zero-cost  solution,”  he  says. 
“But  now  Cingular  is  charging  for  in-bound 
text  messages.”  The  Exchange-based  push 
e-mail  would  save  some  money. 

BlackBerry  users  are  fiercely  loyal  to  the 
popular  handhelds,  but  drawbacks  make 
the  new  Microsoft  approach  worth  investi¬ 
gating,  according  to  network  administra¬ 
tors,  including  Rich  DeBrino,  CIO  for 
Compass  Health,  in  Everett,  Wash.  The 
health  provider  has  about  100  BlackBerry 
users,  with  Exchange  as  the  corporate 
e-mail  server. 

“It’s  a  great  e-mail  device,  [but]  the 
BlackBerry  makes  a  crappy  phone,”  De¬ 
Brino  says.  He  thinks  the  new  Windows 
Mobile  devices  could  combine  high- 
quality  voice  and  mobile  e-mail  on  a  sin¬ 
gle  device  that  would  be  managed  as 
part  of  his  Windows  and  Exchange  infra¬ 
structure.  “If  we  can  do  it  all  with 
Exchange,  and  do  it  clean,  that  would  be 
so  much  easier,”  he  says. 

Oregon  State  University  is  weighing  a 
number  of  mobile-messaging  options.  The 
Corvallis-based  school  has  about  150 
BlackBerry  users.  But  it’s  set  to  pilot  Good 
Technology’s  messaging  software,  with  a 
handful  of  Treo  700w  handhelds,  in  addi¬ 


tion  to  evaluating  push  e-mail  in  Exchange, 
says  Tom  Groves,  e-mail  systems  engineer 
with  the  network  services  department. 

“What  Microsoft  is  promoting  is  excel¬ 
lent,”  he  says.  “It  would  be  a  real  benefit 
not  to  have  an  additional  server  to  run, 
having  an  integrated  [Windows]  GUI,  and 
it  would  make  licensing  easier,  and  I’m 
pretty  sure  cheaper? 

While  he  says  BlackBerries  are  easy  for 
new  users  to  work  with,  Groves  adds  that 
he  expects  the  rival  manufacturers  work¬ 
ing  with  Windows  Mobile  5.0  will  shortly 
match  them  in  features,  ease  of  use  and 
overall  quality. 

OSU  CIO  Jon  Dolan  likes  the  prospect  of 
being  able  to  exploit  the  industrial-strength 
Exchange  infrastructure  at  the  university 
“We  cluster  our  front-end  servers,  and  we 
have  a  storage-area  network  on  the  back 
end,”  he  says.  “So  we  have  Exchange  in  a 
more  redundant,  fault-tolerant  configura¬ 
tion  than  our  BlackBerry  Enterprise  Server?’ 

Exchange  users  are  going  to  put  Micro¬ 
soft’s  “BlackBerry  Killer”  through  its  paces 
over  the  coming  months  and  find  out  just 
how  effective  the  Microsoft  engineers  have 
been  in  meeting  enterprise  requirements 
for  mobile  messaging.  ■ 


nww.com 

Wireless  event 

Wireless  LANs  and  Enterprise  Mobility  is  one  of  six 
fast  tracks  at  IT  Road  Map  events  coming  to 
Boston,  Chicago,  Dallas  and  the  Bay  Area.  Forty  IT 
all-stars,  analysts  and  vendors  offering  new  tech¬ 
nology  and  best  practices. 

DocFinder:  2025 
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Short  Takes 


8  Google  is  testing  a  program  to 
offer  Gmail  as  an  enterprise  hosted 
e-mail  service,  thus  extending  the 
scope  of  this  Web  mail  service  from 
individuals  to  the  realm  of  businesses, 
universities  and  other  organizations. 
The  program  makes  Gmail  the  back¬ 
end  service  for  all  users  on  an  organi¬ 
zation's  e-mail  domain,  with  all  neces¬ 
sary  hardware  and  software  provided 
by  Google.  Each  user  will  get  2GB  of 
storage  space.  The  service,  called 
“Gmail  for  your  domain,”  also  gives 
organizations  a  control  panel  for  their 
IT  departments  to  administer  and 
manage  user  accounts.  Companies 
interested  in  being  part  of  this  limited 
beta  program  can  apply  at  www. 
nww.com,  DocFinder:  2238.  It  isn't 
clear  from  the  information  available 
on  the  Google  site  how  much  it  costs 
to  participate  in  the  beta  program,  or 
how  much  Google  plans  to  charge  for 
the  service  when  it  becomes  generally 
available. 


Start-up  offers  content  mgmt. 


BY  ANN  BEDNARZ 

Open  source  software  start-up  Alfresco 
Software  has  new  funding  to  fuel  its  drive 
into  the  corporate  content-management 
arena.  The  London  company,  launched  a 
year  ago,  closed  an  $8  million  second 
round  of  venture  funding  earlier  this 
month. 

Alfresco’s  flagship  software  combines  a 
content  repository  and  portal  framework 
to  help  companies  keep  tabs  on  every¬ 
thing  from  e-mail  and  images  to  streaming 
media  and  XML  content. Standard  features 
include  rule-based  processing,  document- 
level  security  version  control,  automatic 
metadata  extraction  and  collaboration 
capabilities. 

The  company  offers  three  versions  of  its 
software: 


•  Alfresco  Community  Network,  a  free 
download. 

•  Alfresco  Enterprise  Network,  a  support 
subscription  that  includes  such  enterprise 
features  as  patch  support,  clustering  and 
directory-based  authentication. A  12-month 
subscription  starts  at  $7,500  per  CPU  for  an 
unlimited  number  of  users. 

•  Alfresco  Small  Business  Network,  which 
is  designed  for  small  and  midsize  business¬ 
es  and  includes  the  vendors  standard  en¬ 
terprise  features.  A  12-month  subscription 
for  20  users  starts  at  $3,000. 

About  120,000  people  have  downloaded 
Alfresco’s  content  management  software 
since  it  became  available  in  June,  and  16 
firms  have  signed  up  for  enterprise  support 
contracts,  according  to  John  Newton, 
Alfresco’s  co-founder  and  CTO. 


The  software  is  designed  to  achieve 
greater  user  acceptance  than  traditional 
platforms  from  such  vendors  as  Docu- 
mentum,  FileNet,  IBM  and  Interwoven, 
Newton  says.  Users  often  circumvent  enter¬ 
prise  content-management  products  be¬ 
cause  of  their  cumbersome  Web  interfaces 
and  use  Microsoft’s  shared  network  drives 
to  swap  content  instead. “It’s  just  so  much 
easier  for  users  to  dump  stuff  onto  a  shared 
drive  and  send  an  e-mail  saying  where  to 
find  it,”  Newton  says. 

With  its  software,  Alfresco  is  capitalizing 
on  users’  familiarity  with  shared  drives. 
Alfresco  is  using  open  source  software  from 
Spring  that  emulates  a  Microsoft  shared  file 
system  and  lets  Alfresco  expose  its  content 
repository  via  an  interface  that  looks  like  a 
See  Alfresco,  page  22 


Quest  extends  single  sign-on  support 


8  Voyence  last  week  upgraded  its 
software  to  manage  network  change 
and  configuration,  which  the  compa¬ 
ny  says  can  help  network  managers 
automate  more  tasks  when  rolling 
out,  configuring  and  tracking  changes 
on  network  devices.  VoyenceCon- 
trol  Next  Generation  includes 
modeling  technology  that  lets  cus¬ 
tomers  configure  devices  in  software 
before  they  are  deployed,  which  will 
reduce  the  chances  of  human  error, 
the  company  says.  Voyence  also 
added  a  feature  it  says  will  reduce 
the  amount  of  manual  labor  needed 
to  maintain  devices.  Dubbed  "zero- 
touch  install,"  the  feature  verifies 
hardware  identity,  updates  operating 
system  images,  pushes  the  defined 
configuration  and  automatically  runs 
diagnostics  on  devices.  Voyence  in¬ 
cludes  centralized  software  installed 
on  a  server,  as  well  as  software  dis¬ 
tributed  on  other  services  to  support 
and  collect  data  from  network 
devices.  The  base  price  forVoyence- 
Control  Next  Generation  is  $15,000  to 
manage  150  devices.  The  company 
says  an  average  implementation  can 
cost  about  $45,000. 


BY  JOHN  FONTANA 

Quest  last  week  added  single  sign-on 
application  support  to  its  software  that  inte¬ 
grates  Active  Directory  with  Unix  and  Linux 
platforms. 

With  Vintela  Authentication  Services 
(VAS)  3.0,  users  can  expand  single  sign-on 
capabilities  to  applications  running  on 
non-Windows  platforms.  Previously  the  soft¬ 
ware  gave  users  single  sign-on  to  Linux, 
Unix  and  Windows  platforms,  but  not  to 
individual  applications.  Windows  users 
had  to  have  a  separate  user  name  and  pass¬ 
word  for  logons  to  applications  on  those 
platforms. 

Now  that  Quest  is  aggregating  users’  ac¬ 
cess  to  the  network  and  applications  with  a 
single  logon,  the  company  plans  to  expand 
its  smart  card  support  to  Linux  and  Unix. 
The  move  lets  companies  install  two-factor 
authentication  across  platforms  to  secure 
users’  access  credentials. 

Quest  also  has  made  it  possible  to  migrate 
users  from  Unix  Network  Information 
System,  a  database  of  user  passwords,  to 
Active  Directory  This  migration  capability  is 
supported  by  Quest’s  Unix  Personality 
Management  feature,  which  lets  users  cre¬ 
ate  a  Unix  personality  in  Active  Directory 
that  is  used  to  assign  users  to  Unix  servers. 

“You  have  to  able  to  secure  all  your  iden¬ 
tities,”  says  And  i  Mann,  a  senior  analyst  with 


Enterprise  Management  Associates  in 
Boulder,  Colo. “The  basic  principle  of  secu¬ 
rity  is  security  at  every  level,  knowing 
every  user  at  every  point,  not  just  on  the 
operating  system,  but  with  the  applications 
as  well,”  he  adds. 

VAS  3.0  ships  with  connectors  for  SAP 
and  IBM’s  DB2  database  and  includes  an 
API  for  building  custom  connections  to 
other  systems.  Quest  plans  to  add  support 
later  this  year  for  Oracle’s  database  and 
financial  applications.  Quest  also  is  adding 
reporting  features  from  its  Quest  Reporter 
software  to  the  VAS  platform  to  help  users 
meet  auditing  and  compliance  regulations. 

Quest,  which  acquired  privately  held 
Vintela  last  year,  has  been  upgrading  VAS 
since  late  last  year.  It  first  combined  the  plat¬ 
form  and  Vintela  Group  Policy  into  a  single 
product  called  VAS  with  Group  Policy  Com¬ 
ponents.  Microsoft’s  group  policy  lets  ad¬ 
ministrators  control  configurations  of  desk¬ 
tops  and  servers.  Quest  also  added  support 
for  Solaris  10  and  Linux  on  64-bit  AMD  and 
Intel  chips. 

Quest  competes  with  companies  such  as 
Bindview,  NetlQ  and  NetPro  on  manage¬ 
ment  of  Microsoft  infrastructure  and  with 
Centeris  and  Centrify  on  integration  with 
Unix  and  Linux. 

VAS  3.0  is  priced  at  $325  per  server  and 
$45  per  user.  B 


Microsoft-Unix  merge 

Quest  has  updated  its  Vintela 
Authentication  Services  (VAS)  with 
features  that  help  migrate  Unix  Network 
Information  System  user  identifiers  to 
Microsoft’s  Active  Directory. 


The  Unix  Personality  Management  feature 
in  VAS  3.0  lets  users  list  Unix  personality 
information  in  the  organizational  units  that 
make  up  Microsoft's  Active  Directory. 
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Father  knows  best  about  net  neutrality 


NET  INSIDER 

Scott  Bradner 


Testifying  at  a  Feb.  7  Senate 
Commerce  committee  hearing, 
Googles  Vint  Cerf  asked  senators 
not  to  let  the  phone  companies 
mess  up  the  Internet’s  architec¬ 
tural  model.  Walter  McCormick  Jr., 
president  of  the  U.S.  Telecom 
Association,  followed  Cerf,  stating 
that  telecom  companies  will  not 
do  any  of  the  evil  things  Cerf 
(often  called  the  “Father  of  the  In¬ 
ternet”)  was  worried  about,  but 
asking  the  senators  not  to  block 
their  ability  to  do  so. 

Many  other  speakers  and  many 
committee  members  let  us  know 
their  opinions,  but  in  the  end  the 
choice  in  this  hearing  came  down 


to  two  parties:  the  telecom  folk, 
who  want  the  ability  to  extort 
money  from  companies  using  the 
Internet  to  deliver  services  to  their 
customers,  and  those  worried  that 
anything  of  the  sort  would  kill  the 
generative  powers  of  the  Internet. 

The  hearing  (see  streaming 
video  at  www.nww.com,  Doc- 
Finder:  2232)  concerned  the  con¬ 
cept  of  net  neutrality.  Pure  net 
neutrality  would  mean  that  an  ISP 
would  not  be  able  to  differentiate 
its  processing  of  different  types  of 
traffic.  The  alternative  to  a  neutral 
network  is  an  environment  where 
the  ISP  could  differentiate  its  pro¬ 
cessing  of  traffic  types  based  on 
whatever  grounds  it  wanted.  The 
most  commonly  mentioned  rea¬ 
sons  for  such  differentiation  are 
first,  that  an  ISP  offering  services 
such  as  video  or  voice  runs  its 
own  traffic,  and  at  a  higher  priority 
than  traffic  from  others  offering 
competing  services;  and  second, 


that  a  service  provider,  such  as 
Google  or  Vonage,  pays  the  ISP 
money  to  get  its  traffic  prioritized 
(see“Blocking  the  power  of  the  In¬ 
ternet”  at  DocFinder:2233). 

Cerf  was  quite  eloquent  —  as  he 
is  wont  to  be  —  in  both  his  oral 
and  written  testimony  (for  a  list  of 
the  hearing’s  witnesses  and  links 
to  their  formal  testimony  see  Doc- 
Finder:  2234).  He,  along  with  a 
number  of  other  witnesses, 
described  the  current  state  of 
competition  in  broadband  ser¬ 
vices  to  different  parts  of  the  coun¬ 
try.  (That  state  is  not  very  good. 
Only  half  of  customers  get  any 
choice  at  all  and  a  significant  per¬ 
centage  has  no  way  to  get  broad¬ 
band  Internet  access.)  They  wor¬ 
ried  that  letting  ISPs  (almost  all 
telephone  and  cable  TV  compa¬ 
nies)  decide  what  content  and 
applications  their  customers 
could  get  quality  access  to  would 
destroy  the  ability  of  new  services 


to  get  started,  because  they  could 
not  afford  to  pay  the  ISPs  to  get 
reasonable-quality  access  to  the 
ISPs’  customers.  One  of  this  group, 
Gary  Bachula,  a  vice  president  of 
the  Internet2  consortium  (see 
DocFinder:  2235), said  there  was 
no  reason  for  any  traffic  prioritiza¬ 
tion.  Internet2’s  research  has 
shown  that  adding  bandwidth  was 
less  expensive  and  better,  he  said. 

The  other  side  said  it  would 
never  “block,  impair  or  degrade 
content,  applications  or  services.” 
(McCormick,  who  made  this  vow, 
was  forced  later  in  the  hearing  to 
admit  that  some  ISPs  were  already 
blocking  access  to  some  ser¬ 
vices.)  This  group  painted  a  dire 
picture  of  no  additional  deploy¬ 
ment  of  broadband  ISPs,  because 
the  ISPs  would  not  be  able  to  get 
enough  money  for  the  service  to 
pay  for  the  deployment.They  were 
quite  careful  not  to  say  just  what 
they  would  do  to  get  the  money 


that  would  not  involve  blocking. 
We  are  left  to  guess. 

This  hearing  came  down  to  one 
group,  including  the  Father  of  the 
Internet,  saying  that  it  is  not  time 
to  break  the  model  that  created 
today’s  incredibly  important  and 
dynamic  Internet,  and  another 
group  saying  that  the  Internet 
will  stop  expanding  unless  its 
members  can  somehow  get 
someone  other  than  their  cus¬ 
tomers  to  give  them  money  to  do 
what  their  customers  already  pay 
them  to  do.  This  is  a  case  of 
Father  Knows  Best. 

Disclaimer:  No  school  operating 
in  loco  parentis  always  knows 
best,  not  even  Harvard.  But  the 
above  opinion  on  fatherly  knowl¬ 
edge  is  my  own. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


Sophos  enters  email 
security  appliance  market 


Alfresco 

continued  from  page  21 

shared  file  drive. 

The  product’s  architecture  also  is  a  dis¬ 
tinguishing  feature,  Newton  says,  because 
it  uses  a  modular  method  called  aspect- 
oriented  programming.  “An  ‘aspect’  is 
another  name  for  a  module  that  can  be 
plugged  in  at  run-time,"  Newton  says. 
Aspect-oriented  programming  gives  com¬ 
panies  the  flexibility  to  plug  in  or  leave 
out  versioning  or  archiving,  to  improve 
performance. 

“If  you  don’t  need  to  do  client/server 
communication,  that’s  a  big  chunk  out  of 
your  computation  costs.  If  you’re  not  stor¬ 
ing  all  the  metadata  that  you  don’t  need, 
that’s  another  big  chunk  out  of  database 
administration  costs,”  Newton  says. 

Newton  is  no  stranger  to  the  enterprise 
content-management  world.  He’s  one  of 
the  founders  of  Documentum,  now  an 
EMC  company  Newton  joined  John  Fbwell, 
a  former  CTO  at  Business  Objects,  to  found 
Alfresco. 

A  number  of  other  ex-Documentum  staff 
also  migrated  to  Alfresco.  Engineers  in¬ 
volved  in  designing  Documentum’s 
Webtop  user  interface,  Java  Web  develop¬ 
ment  kit  and  portal  integrations  came  on 
board,  Newton  says. 

Newtons  experience  at  Documentum, as 
well  as  the  engineers  he  brought  with  him 
to  Alfresco,  helped  persuade  Bob  Hecht  to 
take  a  look  at  the  open  source  software. 
Hecht  is  vice  president  of  content  strate¬ 
gies  at  lnforma  in  London,  which  pro¬ 
duces  publications,  events  and  data  ser- 


Profile:  Alfresco  Software 


Founded: 

January  2005 

Location: 

London 

Products: 

Open  source  enterprise  content- 
management  software  and 
services. 

Key  executives: 

President  and  CEO  John  Powell, 
former  COO  at  Business 

Objects;  CTO  and  Chairman 

John  Newton,  former  co¬ 
founder  of  Documentum. 

Funding: 

$10  million  in  venture  funding, 
including  an  $8  million  second 
round  closed  in  February  2006. 

vices  worldwide. 

In  a  previous  role,  Hecht  purchased  Docu¬ 
mentum’s  software  and  liked  its  Webtop 
interface  in  particular.  But  Informa  wasn’t 
willing  to  commit  the  funds  a  Docu¬ 
mentum  rollout  would  have  required, 
Hecht  says. 

He  evaluated  a  number  of  commercial 
and  open  source  content-management 
products,  but  many  of  the  commercial 
options  sacrificed  too  many  features,  while 
most  of  the  open  source  alternatives 
focused  too  narrowly  on  Web  content  man¬ 
agement,  he  says. 

Although  the  Alfresco  software  doesn’t 
have  the  sophistication  of  a  product  such 
as  Documentum,  it  met  enough  of  In¬ 
forma’s  requirements,  at  a  cost  Hecht  esti¬ 
mates  will  be  “about  one  and  a  half  orders 
of  magnitude  less  expensive”  than  a  com¬ 
mercial  option.  ■ 


BY  CARA  GARRETSON 

Sophos,  which  has  long  offered  its  anti¬ 
virus  and  anti-spam  software  for  resale  by  a 
number  of  messaging-security  appliance 
makers’  wares,  is  looking  to  sell  to  corpo¬ 
rate  customers. 

The  company  last  week  announced  its 
first  messaging-security  appliance,  the 
ES4000,  which  features  Sophos’  own  anti¬ 
virus  and  anti-spam  software  for  inbound 
and  outbound  e-mail.  The  software  in¬ 
cludes  some  outbound  compliance-filter¬ 
ing,  for  example,  searching  outgoing  mes¬ 
sages  for  keywords  and  blocking  them, says 
Chris  Kraft,  the  company’s  vice  president  of 
product  management. 

Sophos  says  the  ES4000  is  a  hybrid 
approach  to  e-mail  security,  because  it 
mixes  the  convenience  of  an  appliance 
with  the  support  of  an  outsourced  service. 
Customers  won’t  need  to  monitor  or  main¬ 
tain  the  appliance,  Kraft  says,  because 
Sophos  does  that  for  them.  Through  an 
Internet  connection,  Sophos  staff  remotely 
monitors  the  health  of  the  appliance  hard¬ 
ware  and  alerts  customers  when,  for  exam¬ 
ple,  a  queue  is  filling  up  and  might  affect 
the  performance  of  the  unit,  Kraft  says. 
When  a  fix  can  be  done  remotely,  Sophos 
staff  will  alert  the  customer  to  the  situation 
and  perform  the  maintenance. 

Sophos  says  this  remote  monitoring  and 
maintenance  make  the  ES4000  an  option 


for  companies  that  want  relief  from  man¬ 
aging  their  own  appliances  but  still  want  to 
be  able  to  keep  their  e-mail  in-house. 

The  20-year-old,  privately  held  Sophos  has 
a  long  history  in  the  anti-virus  market  and 
more  recently  entered  the  anti-spam  mar¬ 
ket  with  its  Unix-based  gateway  offerings. 
Companies  including  IronFbrt,  Mirapoint, 
and  Secure  Computing  resell  one  or  both 
of  Sophos’ software  products.The  company 
says  30%  of  companies  running  e-mail 
security  appliances  are  already  using  its 
software. 

Sophos  maintains  that  it  isn’t  competing 
with  its  partners  in  releasing  its  gateway 
appliance  because  it  is  one  of  the  first  to 
introduce  the  concept  of  a“managed  appli¬ 
ance,”  Croft  says. 

One  consultant  doesn’t  necessarily  agree. 
“Sophos  certainly  faces  the  risk  of  alienat¬ 
ing  those  [appliance]  partners,  but  with 
anti-virus  and  anti-spam  becoming  com¬ 
moditized,  it  probably  isn’t  going  to  hurt 
them  that  much,” says  Michael  Osterman, 
president  of  Osterman  Research. “Any  neg¬ 
ative  would  be  more  than  offset  by  in¬ 
creased  sales.” 

The  ES4000  is  aimed  at  large  organiza¬ 
tions  —  those  with  between  1 ,000  and  5,000 
users  —  that  process  millions  of  e-mail  mes¬ 
sages  a  day  It  arrives  preconfigured  at  the 
site  based  on  the  customer’s  specifications. 
Pricing  starts  at  $9,000.  ■ 


ADVERTISEMENT 


Realizing  a  Dream  Data  Center  Design 

Using  ForcelO  high-density  switch/routers,  Veritas’  IT  team  was  able  to  implement  the  simple,  scalable  design  they  desired. 


Processing  volumes  of  data  better,  faster  and 
cheaper  is  at  the  heart  of  Veritas  DGC's  value  propo¬ 
sition  to  its  customers  —  making  IT  strategic  to  the 
company's  competitiveness.  So  when  it  came  time  to 
upgrade  its  computing  clusters  from  Fast  Ethernet  to 
Gigabit  Ethernet  (GbE)  connections  (one  of  several 
cluster  interconnect  technologies  used),  the  IT  team 
knew  it  had  an  opportunity  to  design  a  network  core 
that  could  help  the  company  reduce  data  center  costs 
and  hone  its  competitive  edge  for  years  to  come. 


Veritas’  Global  Processing  Facility  in  its  Houston 
Headquarters  effectively  manages  the  extreme  compute 
demands  of  today’s  most  advanced  geophysical  processing. 


Veritas,  headquartered  in  Houston,  Texas,  is  a  lead¬ 
ing  provider  of  integrated  geophysical  information 
and  services  to  the  petroleum  industry  worldwide. 
Among  its  services  are  seismic  survey  planning  and 
design,  seismic  data  acquisition,  and  the  processing, 
visualization,  and  archiving  of  3D  and  2D  data. 

Due  to  the  enormous  amount  of  processing  capac¬ 
ity  and  network  bandwidth  required  to  manipulate 
such  complex  data,  Veritas'  IT  infrastructure  is  key 
to  its  ability  to  generate  revenue.  Making  that  infra¬ 
structure  ever  more  efficient  is  a  challenge  for  IT. 
"We  have  to  be  able  to  drive  down  our  costs  so  we 
can  reduce  costs  to  customers,"  notes  Phil  Gaskell, 
Veritas'  Global  Network  Manager.  "If  we  can  deploy 
a  network  for  $3  million  as  opposed  to  $5  million, 
we  can  deliver  a  more  cost  effective  solution  and 
improve  our  bottom  line." 

When  IT  staff  brainstormed  about  what  the  ideal 
data  processing  facility  design  would  be,  it  became 
clear  they  wanted  fewer  layers  in  the  network.  "That 
was  our  dream  design  —  everything  taken  away,  with 
a  big  chuffing  switch  with  lots  of  ports  at  the  core," 
says  Doug  Northrup,  Veritas'  Houston  Manager  of 


Networks.  Forcel  0  Networks  was  the  only  vendor  that 
could  deliver  a  switch/router  with  the  port  density  and 
resiliency  Veritas  needed,  according  to  Northrup. 

Realizing  the  Dream  Core 

The  initial  challenge  facing  the  IT  team  was  to 
scale  the  network  core  in  each  data  processing  center 
to  accommodate  large  numbers  of  GbE  interfaces. 
But  the  team  also  wanted  a  network  design  that  was 
flexible  and  scalable  enough  to  accommodate  new 
technologies  and  traffic  flows  down  the  line.  Lack¬ 
ing  a  very  high  density  core  device,  other  networking 
vendors  proposed  designs  that  required  numerous 
inter-switch  links.  And  IT  would  have  had  to  build 
resiliency  into  the  network  through  redundant  devices, 
links  and  other  mechanisms. 

"That  design  would  have  cut  down  on  the  infra¬ 
structure's  scalability  and  increased  the  cost  and 
complexity,"  Northrup  says.  "You  end  up  using  more 
ports  to  connect  switches  together  than  you  do  for 
connecting  systems  to  switches.  And  instead  of  a 
non-blocking  core,  you  have  to  implement  an  over¬ 
subscribed  core." 

In  contrast,  Forcel  0's  E-Series  1200  switch/router 
scales  up  to  1260  GbE  or  224  10  GbE  ports  per 
chassis  and  features  a  non-blocking  switch  fabric.  The 
E1200  has  allowed  Veritas  to  eliminate  an  aggregation 
layer  from  its  network  architecture,  reducing  overall 
network  cost  as  well  as  latency.  "Don't  aggregate 
unless  you  have  to,"  Gaskell  advises.  "It  adds  costs 
and  inefficiencies." 

In  addition  to  high  port  density,  resiliency  is 
built  into  the  El 200.  All  E-Series  devices  have  fully 
redundant  components,  ensuring  hitless  failover  with 
no  packet  loss  in  the  event  a  component  fails.  The 
E-Series  also  has  a  fully  distributed  architecture  with 
independent  processors  for  switching,  routing,  and 


management,  which  allows  faults  to  be  contained. 
Because  resiliency  is  inherent  in  the  El 200,  Veritas' 
IT  team  didn't  have  to  build  these  capabilities  into  the 
network,  thus  lowering  their  operations  and  manage¬ 
ment  overhead. 

"The  El  200  is  a  very  well  designed,  redundant 
piece  of  machinery,"  Northrup  says.  Gaskell  concurs: 
"The  only  component  we  could  break  was  the  paint. 
I  can  sleep  well  at  night." 

The  Ultimate  Benefit:  Flexibility 

Veritas  currently  has  ForcelO  E600s  and  El 200s 
deployed  in  its  Houston,  London,  and  Singapore  data 
centers.  Having  such  high-density  switch/routers  has 
allowed  IT  to  build  efficient,  high  bandwidth,  resilient 
data  center  back  ends  with  the  scalability  to  accom¬ 
modate  future  changes. 

And  by  allowing  Veritas  to  implement  a  simpler 
network  design,  the  El  200  has  enabled  IT  to  drive 
down  equipment  and  overhead  expenses.  Fewer 
devices  in  the  network  means  lower  power  con¬ 
sumption  and  cooling  costs,  for  example,  and  less 
management  overhead.  Northrup  notes  that  transi¬ 
tioning  to  Forcel  0's  equipment  was  "seamless,"  with 
virtually  no  learning  curve  for  the  staff. 

Above  all,  ForcelO  has  given  Veritas  flexibility. 
"We're  always  pushing  the  edge  with  new  technolo¬ 
gies,"  notes  Gaskell.  "Flexibility  was  one  of  the  main 
things  we  were  looking  for.  We  don't  know  what's 
coming  around  the  corner  and  we  don't  want  to  lock 
ourselves  into  an  architecture.  Such  a  high  density 
core  gives  us  the  flexibility  to  explore  different  design 
options.  And  if  a  new  technology  comes  along,  or  the 
algorithms  or  traffic  flow  change,  we  wouldn't  have  to 
re-engineer  the  network  or  forklift  out  the  infrastruc¬ 
ture  with  Forcel  0." 


For  a  FREE  white  paper  on  the  ForcelO  data  center  vision,  visit 

www.nww.com/2force  1 0 
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THE  INTERNET  VPNS  INTEREXCHANGES  AND  LOCAL  CARRIERS  WIRELESS  m  REGULATORY  AFFAIRS 


E  PROVIDERS 


CARRIER  INFRASTRUCTURE 


EYE  ON  THE  CARRIER 

Johna  Till  Johnson 


Last  week,  we  examined  the  bio  of 
the  newest  FCC  commissioner,  Robert 
McDowell.  He’s  a  more  important  guy 
than  it  might  first  appear,  because  he’ll 
serve  as  the  swing  vote  on  a  number  of 
critical  regulatory  and  policy  issues  the 
FCC  plans  on  addressing  in  upcoming 
months.  A  few  examples: 

Net  neutrality.  Unless  you’ve  been  buried 
under  a  snowdrift  all  winter,  you’ve  heard 
about  net  neutrality  Proponents  of  the  con¬ 
cept  —  chiefly  content  producers  such  as 
Google  and  Yahoo  —  argue  that  govern¬ 
ment  should  prohibit  carriers  from  charg¬ 
ing  differently  for  varying  types  of  traffic. 
Carriers  respond  they  should  have  the  right 
to  charge  more  for  particular  types  of  con¬ 
tent,  including  services  such  as  VoIP  and 
content  generated  by  massive  sites  such  as 
Google.The  Senate  started  looking  into  the 
issue  two  weeks  ago,  and  it’s  becoming  a 
contentious  debate  that  will  ultimately 
force  key  semantic  and  philosophical  clari- 
fications.This  is  a  big  hairball,  folks. 

Universal  broadband  access.  Should  the 
government  get  involved  to  accelerate 
deployment  of  broadband  access  in  the 


Short  Takes 


■  Hammerhead  Systems  has 

announced  the  appointment  of 
Richard  Gitlin  as  CTO.  Gitlin  joins 
Hammerhead  after  a  32-year  career 
at  Bell  Labs  and  Lucent  leading 
research  in  digital  communications, 
broadband  networking  and  wireless 
systems.  He  was  CTO  of  Lucent's 
Data  Networking  Business  Unit  and 
senior  vice  president  for  commun¬ 
ications  and  networking  research  at 
Bell  Labs.  After  leaving  Lucent,  Gitlin 
was  vice  president  of  technology  and 
CTO  of  NEC  Labs  America.  He  also 
was  a  professor  of  electrical  engi¬ 
neering  at  Columbia  University 
where  he  taught  courses  and  super¬ 
vised  research  in  networking  and 
wireless  systems. 


Tackling  telecom  policy 


United  States?  That  may  sound  like  a  no- 
brainer,  but  on  closer  examination,  maybe 
we’re  better  off  when  the  government  stays 
out  of  the  business  of  regulating  broadband 
access.  As  noted  in  previous  columns,  state 
governments  and  the  feds  have  aggressively 
moved  to  limit  municipal  and  city  govern¬ 
ments  from  attempting  to  roll  out  munici¬ 
pal  broadband  networks.  So  let’s  see:  The 
government  needs  to  start  promoting 
broadband  access  to  stop  itself  from  pro¬ 
hibiting  broadband  access?  Hmmm. 

Wiretapping,  and  specifically  CALEA. 
Sick  of  hearing  about  government  wire¬ 
tapping  initiatives?  Too  bad. The  Commun¬ 
ications  Assistance  for  Law  Enforcement 
Act  (CALEA),  which  compels  carriers  to 
assist  law  enforcement  authorities  in 


obtaining  access  to  communications  that 
may  be  part  of  an  ongoing  investigation,  is 
supposed  to  take  effect  on  the  Internet  in 
2007.  But  it  may  not:  Various  organizations 
have  filed  suit  in  federal  court  to  block  its 
application  to  the  Internet,  arguing  that 
Congress  explicitly  said  CALEA  would  not 
apply  to  the  ’Net.  So  does  it  or  doesn’t  it? 
I’ll  keep  you  posted. 

Internet  backbone  interconnection 
agreements.  As  most  readers  are  aware,  the 
Internet  has  multiple  backbones. There  are 
two  basic  ways  for  traffic  to  get  from  one 
backbone  to  another:  peering,  in  which 
“like-sized”  service  providers  agree  to  carry 
each  others’  traffic  at  no  cost;  and  transit,  in 
which  one  provider  pays  another  for  deliv¬ 
ery  The  catch  is  that  sometimes  providers 


can  fail  to  come  to  either  a  peering  or  a 
transit  agreement,  in  which  case  entire  net¬ 
works  of  users  can  become  disconnected 
from  the  Internet.  Thus,  one  of  the  ongoing 
and  (I’d  argue)  most  critical  behind-the- 
scenes  issues  facing  the  Internet  is  figuring 
out  a  consistent  framework  for  peering  and 
transit  to  ensure  that  providers  are  com¬ 
pensated  fairly  for  the  costs  of  running  their 
networks,  and  not  arbitrarily  disconnected. 

Yep,  Commissioner  McDowell’s  going  to 
be  a  mighty  busy  guy  Let’s  hope  he  and  the 
rest  of  the  FCC  act  wisely. 

Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Cingular  touts  upgrades  to  wireless 


BY  DENISE  PAPPALARDO 

Cingular  Wireless  last  week  announced 
new  wireless  data-rate  plans  and  a  PC  card 
that  promise  cost  predictability  and  ease  of 
use  for  international  travelers. 

Next  month  Cingular,  a  joint  venture 
between  AT&T  and  BellSouth,  will  offer 
users  its  GlobalConnect  International 
Data  Roaming  flat-rate  plans  that  will  let 
users  wirelessly  access  the  Internet  from 
24  countries  using  High-Speed  Downlink 
Packet  Access  (HSDPA)  and  95  countries 
using  the  slower  Enhanced  Data  Rates  for 
GSM  Evolution/General  Packet  Radio 
Service  (EDGE/GPRS)  network  services. 
The  carrier  also  plans  to  introduce  its 
Option  GlobeTrotter  GT  MAX  Laptop- 
Connect  card  in  March. 

Cingular  says  it’s  the  first  tri-band  card 
that  lets  users  roam  in  the  850MHz, 
1900MHz  and  2100MHz  bands.  Customers 
will  pay  $100  for  the  card. 

With  Cingular’s  old  plan,  customers  paid 
usage-based  roaming  fees,  says  Laura 
Johnson, senior  director  of  enterprise  solu¬ 
tions.  “The  new  plan  is  more  cost  effective 
and  provides  predictability’ she  says. 

Cingular  charged  customers  about  2 
cents  per  kilobyte  for  all  data  traffic  when 
accessing  the  Internet  from  overseas.  The 
new  plans,  which  come  in  two  flavors, elim¬ 
inate  the  per  kilobyte  charge. 

One  plan  will  cost  $110  per  month  and 
includes  unlimited  data  use  in  the  United 


Cingular’s  PC  card  has  a  retractable  antenna 
that  the  carrier  says  will  make  it  easier  to  use. 


States  and  100MB  of  downloads  in  Canada 
and  Mexico.  The  other  plan  will  cost  $140 
and  will  include  unlimited  use  in  the 
United  States  and  100MB  of  downloads  in 
24  countries,  including  Australia,  China, 
France,  Germany  the  United  Kingdom,  Italy 
and  Japan.  Cingular  says  it  plans  to  add 
other  locations.  Users  also  can  connect  to 
the  Internet  over  Cingular  roaming  part¬ 
ners’  EDGE/GPRS  networks  in  95  countries. 

“Cingular  is  pushing  the  envelope 
regarding  U.S.-to-world  mobile  data  roam¬ 
ing  —  by  making  the  pricing  pre¬ 
dictable, ’’says  Brownlee  Thomas,  principal 
analyst  at  Forrester  Research.  But  she 
points  out  that  coverage  for  the  highest 
speed  wireless  data,  Universal  Mobile 
Telecommunications  System  and  HSDPA, 
is  still  an  issue. 

Cingular  says  it  will  support  two  dozen 
countries,  “but  it  doesn’t  fully  commit  to 
their  immediate  availability’Thomas  says. 

Cingular  says  its  PC  card  has  a  retractable 


antenna,  which  means  users  won’t  have  to 
remove  the  card  when  transporting  their 
laptops.  The  device  also  is  integrated  with 
its  Communications  Manager  software  that 
shows  users  which  cellular  and  Wi-Fi  net¬ 
works  are  available  as  they  travel. 

Cingular  says  its  offering  is  better  than 
competitors’  for  business  travelers  be¬ 
cause  users  will  need  only  one  tri-band 
card;  its  service  is  based  on  GSM,  which  is 
more  widely  used  around  the  world;  and 
users  have  access  in  far  more  countries, 
Johnson  says. 

One  analyst  agrees.  “For  U.S.-based  cus¬ 
tomers,  this  is  excellent  news.  It . . .  positions 
[Cingular]  as  a  clear  leader  —  among  U.S. 
mobile  carriers  —  in  addressing  pent-up 
demand  for  better  international  mobile 
data  roaming  pricing  models, Thomas  says. 

In  September,  Verizon  Wireless  and 
Vodafone  Group  started  a  service  that  lets 
customers  use  wireless  Internet  in  more 
than  50  countries,  but  requires  customers 
to  use  two  different  PC  Cards.The  cards  do 
not  support  Wi-Fi.The  card  used  to  access 
Vodafone’s  3G/GPRS  network  costs  either 
$180  or  $230  for  users  that  sign  two-year  or 
one-year  contracts,  respectively  The  card 
used  to  access  Verizon’s  EV-DO  network 
costs  $280  or  $380  for  users  that  sign  two- 
year  or  one-year  contracts,  respectively. 

Nancy  Gohring  of  the  IDG  News  Service 
contributed  to  this  story. 
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TECHNOLOGY  UPDATE 


■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


Multithreading  weaves  its  way  into  nets 


HOW  IT  WORKS:  Massive  multithreading  (MMT) 

MMT  processors  overcome  traditional  memory  bottlenecks,  allowing  stateful 
packet  processing  in  software  to  achieve  ASIC-like  performance. 


DRAM 
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Tribe  2 
(32  threads) 


Massively  multithreading  processor 


Memory  interconnect 
(shared  memory) 


DRAM 
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Tribe  0 
(32  threads) 


Tribe  1 
(32  threads) 


Tribe  3  (32  threads) 

Q  MMT  streams 

B  MMT  execution  pipelines 

^  MMT  memory  interface  «  ■ 

DRAM 

O  Each  incoming  packet  is  assigned  to  a  separate  software  thread  with  its  own  hardware  stream. 

B  The  threads  are  executed  16  at  a  time  in  the  execution  pipelines. 

B  The  memory  interface  provides  high-speed  I/O  to  the  external  DRAM  for  ail  16  pipelines  concurrently. 
□  The  memory  interconnect  lets  packets  in  a  stateful  flow  be  processed  in  any  tribe. 

Note:  Tribe  3  is  enlarged  to  show  additional  detail. 


BY  MARIO  NEMIROVSKY 

Network  systems  increasingly  need  to  be 
application-aware  to  control  access,  allo¬ 
cate  resources  and  prioritize  traffic.  Main¬ 
taining  stateful  packet  flow  information  at 
gigabit/second  line  speeds  requires  a  rate 
of  random  memory  access  that  is  beyond 
the  capability  of  today’s  traditional  proces- 
sors.And  application-specific  integrated  cir¬ 
cuits  (ASICs),  while  fast,  can’t  keep  pace 
with  constant  changes  in  network  proto¬ 
cols  and  applications. 

A  new  architectural  approach  for  applica¬ 
tion-aware  networks  has  demonstrated  tan¬ 
gible  benefits:  massive  multithreading 
(MMT).  Understanding  this  technology  is 
key  to  evaluating  the  next  wave  of  network 
infrastructure. 

In  the  current  generation  of  MMT  proces¬ 
sors,  software  threads  typically  correspond 
one-to-one  to  hardware  threads,  or  streams. 
Threads  are  often  organized  into  clusters,  or 
tribes,  to  optimize  resource  utilization,  and 
multiple  tribes  can  be  implemented  in  the 
same  chip.  Each  tribe  has  access  to  its  local 
external  dynamic  RAM  (DRAM),  as  well  as 
to  a  shared  internal  memory  The  term 
pipeline  (or  core)  refers  to  the  physical  cir¬ 
cuitry  that  executes  software  instructions. 

Networking  differs  fundamentally  from 
desktop  computing  because  processing 
stateful  packet  flows  requires  frequent 
access  to  data  with  low  locality  Locality 
involves  the  likelihood  of  having  the  re¬ 
quired  data  or  instruction  available  in  the 
processor’s  current  memory  location.  Be¬ 
cause  packets  in  a  stateful  flow  arrive  at 
random  intervals,  networking  equipment 
benefits  little  from  PC-oriented  multi¬ 


processors  that  depend  on  a  high  degree  of 
locality  for  better  performance.  Low  locali¬ 
ty  results  in  a  high  rate  of  requests  for  data 
that  is  not  in  cache,  which  increases  latency 
beyond  acceptable  limits. 

MMT  maximizes  memory  throughput  by 


letting  a  greater  number  of  memory  re¬ 
quests  to  be  active  simultaneously  Because 
of  this,  MMT  is  able  to  perform  sophisticat¬ 
ed  protocol  processing  in  software  at 
throughput  levels  that  previously  required 
one  or  more  dedicated  ASICs.  This  opti¬ 


mization  of  RAM  access  also  enables  MMT 
to  overcome  the  stateful  packet  throughput 
limitations  of  traditional  multiprocessors. 

Each  memory  operation  introduces  pro¬ 
cessing  latency  To  maintain  low  latency 
and  high  throughput  in  the  face  of  de¬ 
manding  memory  access  requirements, 
network-oriented  multiprocessing  architec¬ 
tures  need  to  support  a  very  high  number 
of  simultaneous  threads  and  execution 
pipelines,  each  with  its  own  dedicated  pro¬ 
cessing  resources.  By  pushing  packets  in 
parallel  through  100  or  more  threads,  deep 
packet  inspection  can  be  sustained  at 
lOGbps  data  rates  with  a  latency  of  less 
than  1  millisec  —  an  impossible  task  for 
two  (or  even  two  dozen)  threads  operating 
at  today’s  high-end  clock  rate  of  4  GHz.This 
allows  MMT  to  accommodate  VoIP  and 
other  delay-sensitive  applications  on  high¬ 
speed  backbones. 

As  bandwidth  continues  to  increase,  an 
even  greater  number  of  simultaneous 
threads  may  become  necessary  Initially  the 
demand  will  be  met  with  higher  thread 
counts  implemented  in  tribes  of  multiple 
streams  served  by  separate  cores.  Such 
advances  are  occurring  already  for  net¬ 
work-access  control  and  identity-based  net¬ 
work  applications  in  LANs,  where  128 
threads  is  the  state  of  the  art.  Over  time, 
advances  in  technology  will  permit  higher 
levels  of  protocol  processing  parallelism 
with  a  greater  number  of  streams  and  exe¬ 
cution  pipelines. 

Nemirovsky  is  chief  scientist  for  Con- 
Sentry  Networks.  He  can  be  reached  at 
mario@consentry.  com. 


Did  you  really  mean  to  say  that  using  a  static  IP 
address  will  make  file  transfers  go  faster  than 
using  DHCP  IP  addresses?  (see  www.nww.com, 
DocFinden  2237) 

No,  using  static  addresses  is  not  magically  faster  than 
using  DHCP  addresses.  The  goal  in  that  article  was  to 
get  two  PCs  on  the  same  physical  network  segment 
onto  the  same  IP  subnet,  so  that  the  router  hop  could  be 
eliminated  from  the  file  transfer  network  path.  The  same 
result  could  be  accomplished  by  putting  those  two  PCs 


onto  the  same  IP  subnet  using  DHCP  rather  than  static 
ones.  When  the  physical  segments  line  up  with  the  IP 
subnets,  packets  bound  for  destinations  on  the  same 
subnet/segment  are  delivered  directly  in  Ethernet 
frames.  When  IP  packets  are  delivered  through  a  router, 
the  router  delivers  the  packets  to  the  destination  ma¬ 
chine  in  Ethernet  frames.  In  IPv6  networks  the  IP 
address  can  be  automatically  derived  from  the  Ethernet 
media  access  control  address  without  DHCP  or  static 
address  management.  In  IPv4  the  Ethernet  addresses 
are  longer  than  the  IP  addresses,  so  systems  use 


Address  Resolution  Protocol  to  map  from  one  to  the 
other.  When  it’s  time  to  deliver  the  data  to  a  wired 
Ethernet  device,  the  data  travels  the  last  segment  to  the 
receiving  machine  in  an  Ethernet  frame.  In  my  previous 
article,  the  point  of  changing  the  addresses  was  to  limit 
the  trip  to  one  hop  from  sending  machine  to  receiving 
machine,  so  the  data  could  be  sent  directly  by  Ethernet 
without  the  intervention  of  an  IP  router. 

Blass,  a  network  architect  at  Change@Work  in  Houston, 
can  be  reached  at  dr.internet@changeatwork.com. 


26  •  www.networkworld.com  •  2.20.06 


advice  from  Acid  Pro 


Sound 

This  week  we  embark  onto  the  seas 
of  multimedia.  Over  the  next  few 
weeks  we’ll  be  looking  at  products 
and  technologies  that  will  make  your 
struggles  with  graphics,  audio  and 
video  a  lot  easier. 

Multimedia  is  becoming  increas¬ 
ingly  important,  which  means  you  IT 
chaps  are  having  to  get  more 
involved  in  figuring  out  how  to  drive 
multimedia  authoring  and  editing 
products,  as  well  as  integrating  them 
into  corporate  business  processes. 

So,  let  us  start  with  sound  recording  and  editing. 

For  recording  we  used  to  use  Sonic  Foundry’s  Acid  soft¬ 
ware,  which  let  us  not  only  record  but  also  mix  our  record¬ 
ings  with  sound  effects  and  generally  tweak  multiple 
tracks. This  was  a  couple  of  years  ago,  back  when  we  start¬ 
ed  doing  what  today  is  called  podcasts. 

If  you  want  to  hear  how  we  used  and  abused  the  old  ver¬ 
sion  of  Acid,  check  out  Gibbsblog  for  a  link  to  the  audio  of 
“Gibbs  Out  Loud  Episode  41,750’  (www.nww.com,  Doc- 
Finder:  2242). Should  you,  by  some  strange  chance, enjoy  it 
and  care  to  tell  us,  we  might  just  do  more  episodes.  Or  not. 
It’s  hard  to  know. 

Be  that  as  it  may  the  latest  version  of  the  software  is  Acid 
Pro  5  (DocFinder:  2241)  and  is  now  published  by  Sony 
which  acquired  Sonic  Foundry’s  audio  product  lines  some 
time  ago. 


For  multimedia  development  the  latest  version  of  Acid 
Pro  is  incredibly  useful  and  effective  yet  fairly  easy  to  come 
to  grips  with.  The  software  runs  under  Windows  2000  or 
Windows  XPand  you’ll  need  at  least  an  800MHz  processor 
and  a  1 ,024-by-768-pixel  screen.  If  you  plan  to  use  the  video 
feature, you’ll  need  a  1GHz  processor  or  better. 

The  concept  behind  Acid  is  similar  to  a  recording  studio 
with  multitrack  capability  You  load  prerecorded  sounds  to 

For  multimedia  development  the 
latest  version  of  Acid  Pro  is 
incredibly  useful. 

each  track  or  record  into  a  track  from  your  PC  sound  card. 
You  then  specify  in  a  track’s  timeline  when  and  for  how  long 
the  track  is  to  play  as  well  as  define  the  track’s  volume  and 
pan  (that’s  the  balance  between  left  and  right)  envelopes. 

There  are  four  types  of  tracks:  loops,  one-shots,  beat- 
mapped  and  Musical  Instrument  Digital  Interface  (MIDI). 
Loops  are  usually  one  to  four  measures  in  length  and  are 
usually  used  for  repeating  sounds,  such  as  drums.  One- 
shots  are  used  for  events  that  usually  happen  once,  such  as 
a  cymbal  crash.  Beatmapped  tracks  are  sounds  with 
embedded  beat  data  that  ensures  they  can  be  synchro¬ 
nized  with  the  overall  beat  of  a  piece.The  final  track  is  for 
MIDI  file  playback  (Acid  Pro  also  can  route  MIDI  data  to 
external  MIDI-compatible  devices). 

To  create  a  composition,  you  select  media  files  in  the 


Explorer  window  and  drag  them  to  tracks,  then  draw  or 
paint  them  onto  the  timeline.  (The  difference  between  the 
two  methods  is  that  drawing  applies  to  only  one  track  and 
painting  can  be  done  to  multiple  tracks.)  Note  that  we 
wrote  “media”  —  Acid  Pro  also  can  load  and  render  the 
audio  and  video  from  video  files.This  means  you  also  can 
use  the  software  for  scoring  movies  (look  out,  Spielberg). 

You  also  can  add  one  or  more  effects,  such  as  reverb, 
chop  (that  groovy  stuttering  effect),  flanging  (think 
Hendrix)  arid  so  on,  to  each  track  or  apply  any  combina¬ 
tion  through  the  mixer  to  modify  the  final  output. 

The  basics  of  Acid  Pro  are  easy  to  master,  but  we  haven’t 
even  scratched  the  surface  of  what  this  software  can  do  if 
you  want  to  get  sophisticated.  It  comes  with  a  huge  number 
of  sample  compositions,  including  those  from  Bill  Laswell, 
which  shows  that  you  can  create  some  really  sophisticated 
music  with  this  system.  More  than  1 ,000  sound  loops  are 
provided. 

You  can  save  your  creations  to  a  range  of  audio  and 
video  formats  in  stereo  or  5. 1  format,  burn  CDs  and,  rather 
oddly  export  to  Sony’s  proprietary  Net  MD  devices  (MD 
stands  for  Mini  Disc  and  is  a  format  that  could  best  be 
described  as  moribund). 

There  are  all  sorts  of  opportunities  for  using  Acid  Pro, 
such  as  creating  custom  background  music  for  PowerPoint 
presentations  or  videos,  or  editing  voiceovers  for  training 
materials.  Acid  Pro  is  very  reasonably  priced  at  $300. 

Sound  off  to  gearfiead@gibbs.com. 
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Mark  Gibbs 


The  cool-looking  Power- 
Squid  Surge3000  will 
support  any  type  of 
power  adapter. 


The  scoop:  PowerSquid  Surge3000  surge  protector,  by  Flexity, 
about  $70  (preorders  available  at  www.powersquidstore.com). 
What  it  is:  Most  surge  protectors  are  long,  vertical  strips  with  about 
six  or  seven  power  outlets  that  let  you  plug  in  various  cords.  But 
many  power  adapters  are  larger  and  eat  up  the  space  available  for 
additional  cords  and  adapters. 

The  PowerSquid  takes  care  of  that  by  extending  its  female  out¬ 
lets  away  from  the  base  in  a  tentacle-like  fashion.This  lets  you  use 
every  outlet  and  not  having  to  figure  out  the  best  way  to  opti¬ 
mize  the  power  strip,  or  daisy-chain  multiple  surge  protectors 
in  order  to  plug  everything  in.  The  PowerSquid  comes  in 
three  versions  (1000,2000  and  3000,  depending  on  the 
amount  of  joule  protection  offered), as  well  as  a  spe¬ 
cial  Calamari  Edition,  which  includes  two  glowing 
outlets  and  is  white  instead  of  black  (the  $80  ver¬ 
sion  also  includes  an  audible  alarm).  All  models 
include  phone  line  and  cable  line  surge  protec¬ 
tion  as  well. 

Why  it’s  cool:  Anyone  who  has  spent  time  with  a 
limited  amount  of  power  space  in  their  wall  has  pur¬ 
chased  a  surge  protector  for  additional  outlets,  and 
then  discovered  that  a  lot  of  their  equipment  has  those 
bulkier  adapters  that  take  up  two  or  three  spaces  on  the 
power  strip.  This  eliminates  that  issue.  The  design  really 
does  look  like  a  squid;  it’s  almost  a  shame  that  the  device 
will  end  up  sitting  on  the  floor  instead  of  on  your  desk. 
Grade:  ★★★★★(out  of  five) 


Seagate's  external 
hard  drive  offers 
a  quick  and  easy 
way  to  add 
storage. 


The  scoop:  External  Hard  Drive  (400GB,  dual  interface), 
from  Seagate,  about  $330. 

What  it  is:  Just  like  the  product’s  title  says,  it’s  an  external 
hard  drive  that  offers  400GB  of  space  for  PC  users.The  system 
connects  via  USB  2.0  cables  or  an  IEEE  1394  (aka  firewire) 
cable  to  provide  connectivity  to  your  PC.  Bundled 
BounceBack  Express  software  from  CMS  Products  lets  you 
quickly  back  up  and  restore  files  from  your  PC  to  the  external 
drive,  as  well  as  at  the  touch  of  a  button  on  the  front  of  the 
device. 

Why  it’s  cool:  With  the  emerging  needs  of  users  for  more  storage  (music,  video 
files  and  photos  keep  clogging  up  the  desktop,  not  to  mention  work-related  doc¬ 
uments  such  as  Word, PowerPoint  or  Excel  files), it’s  nice  to  have  a  system  that  can 
quickly  and  easily  take  care  of  storage  needs,  at  least  for  a  while.  With  prices  less 
than  $1  per  gigabyte,  users  who  complain  that  they  have  no  space  left  can  be  sat¬ 
isfied  by  giving  them  one  of  these  systems. 

I  was  able  to  easily  connect  the  device  to  a  Windows  XP  PC  and  access  the  hard 
drive.The  BounceBack  Express  back-up  software  was  confusing  at  first  —  it  want¬ 
ed  me  to  back  up  the  entire  C  drive  by  default,  and  I  just  wanted  to  back  up  the 
My  Documents  folder. 

After  figuring  out  how  to  change  the  configuration,  I  ran  the  initial  backup, 
transferring  about  604MB  over  to  the  drive  in  about  a  minute.  With  subsequent 
backups  (achieved  by  just  pushing  the  button  on  the  hard  drive),  the  software 
monitored  only  what  files  had  changed  —  I  had  added  a  file,  deleted  a  file  and 
modified  a  file,  which  the  software  quickly  recognized, and  the  backup  was  ultra¬ 
fast.  I  was  also  able  to  quickly  restore  the  deleted  file  and  return  it  to  its  rightful 
location  on  the  external  drive. 

Grade:  ★★★★ 

Shaw  can  be  reached  at  kshaw@nww.com. 
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utomation.  Compliance.  Integration.  It’s  the  new  language  in  the  new 
world  of  network  management.  Where  leadership  requires  you  to  anticipate 
problems,  recognize  change,  and  innovate  on  the  fly  Because  today  YOU 
are  a  key  driver  of  the  enterprise,  and  network  management  is  THE  core 
competency  crucial  to  success. 


That’s  why  Network  Management: 
The  New  Core  Competency  is  the 

one  event  you  can’t  afford  to  miss. 
The  only  event  where  you  can  learn 
the  latest  practices  while  targeting 
new  solutions  that  will  amp  your 
organization  from  good-to-better- 
to-best  in  nine  key  management 
technologies:  (see  right) 

Jim  Metzler  is  your  host.  Agility, 
innovation,  and  best  practices  are 
his  themes.  Inside  expertise, 
effective  answers,  practical  tools,  and 
benchmark  standards  will  be  your 
takeaways.  To  qualify  to  attend 
Network  Management:  The  New 
Core  Competency  free,  advance 
registration  is  required.  Seats  are 
limited,  so  reserve  your  place  now. 


1.  APPLICATIONS  -  maximizing  business  drivers 

2.  INFRASTRUCTURE  PERFORMANCE  increasing  returns 
on  IT  investments 

3.  SECURITY  -  anticipating  threats  and  preventing 
attacks 

4.  COMPLIANCE  -  meeting  government  demands  and 
relieving  regulatory  pressures 

5.  ANALYTICS  -  employing  leading-edge 
troubleshooting  systems 

6.  BUSINESS  SERVICES  -  syncing  business  objectives 
to  your  IT  architecture 

7.  CONFIGURATION  AND  PATCH  STRATEGY  creating 
responsive,  dynamic,  real-time  security 

8.  WEB  SERVICES  -  streaming  and  integrating 
mission-critical  apps 

9.  SERVICE  LEVEL  MANAGEMENT  -  delivering  enterprise- 
advancing  IT  tools  direct  to  users 


Event 

Host 

Dr.  Jim  Metzler, 
President  of 
Ashton  Metzler 
and  Associates 


Who  should 
attend? 

>  VPs/Directors/Managers  of  IT 

>  Network  VPs/Directors/Managers 

>  VPs/Directors  Operations 

>  Network  Architects 

>  CIO/CTO/CSO 

>  Corporate  Managers 
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Security:  Lots  more 
work  to  do 

A  panel  of  security  experts  at  the  RSA  Conference  last 
week  said  businesses  still  overlook  fundamental  secu¬ 
rity  questions  when  buying  or  building  software. 

That’s  critical  because  Gartner  estimates  that  70%  of  security 
vulnerabilities  are  at  the  application  layer  (see  our  coverage 
of  the  panel  at  www.nww.com,  DocFinder:  2243). 

A  survey  by  the  Secure  Software  Forum,  which  pulled 
together  the  panel  for  the  conference,  shows  that  although 
companies  are  beginning  to  develop  secure  coding  pro¬ 
grams,  only  27%  have  integrated  security  into  their  develop¬ 
ment  processes. 

Because  perimeter  security  can  only  do  so  much,  this  soft¬ 
ware  vulnerability  may  be  responsible  for  the  recent  uptick 
in  unauthorized  use  of  computer  systems,  as  shown  by  the 
newly  released  10th  annual“Computer  Crime  and  Security 
Survey”The  study,  conducted  by  the  Computer  Security 
Institute  (CSI)  and  the  FBI,  reports  that  after  declining  for 
four  years,  the  unauthorized  use  of  computers  increased  in 
2005:  Of  the  companies  surveyed,  56%  reported  unautho¬ 
rized  use,  up  from  53%  in  2004.  As  for  the  rest,  31%  reported 
no  unauthorized  use,  and  13%  were  unsure. 

That  survey  also  showed  that  —  contrary  to  the  popular 
notion  that  insiders  are  the  graver  threat  —  just  about  as 
many  unauthorized  incidents  were  perpetrated  by  outsiders 
as  by  insiders.  Perhaps  even  more  important,  a  large  percent¬ 
age  of  respondents  simply  don’t  know  where  the  misuse 
came  from.  When  asked  how  many  incidents  came  from  out¬ 
side,  35%  said  they  didn’t  know.  Asked  the  same  about  mis¬ 
use  from  inside,  44%  said  they  were  unsure. 

The  lesson,  the  CSI/FB1  survey  concludes,  is  that  “organiza¬ 
tions  have  to  anticipate  attacks  from  all  quarters.” 

Despite  the  increase  in  computer  misuse  and  companies’ 
uncertainty  about  what  they  are  battling,  the  CSI/FB1  survey 
suggests  that,  based  on  spending  trends,  companies  seem  to 
think  they  are  doing  enough  to  fight  back.  Security  spending 
as  a  percentage  of  IT  budgets  remained  essentially  flat  in 
2005  compared  with  2004. 

Forty-eight  percent  of  the  respondents  spend  1%  to  5%  of 
their  IT  budget  on  security  19%  spend  6%  to  10%,  and  8% 
said  they  spend  more  than  10%.  Remarkably,  25%  said  they 
still  spend  less  than  1%  of  their  IT  budget  on  security. 

The  takeaway  is  that  there  is  a  lot  of  work  left  to  do. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 

Hew  Research  Panel 

’•  World  is  putting  together  a  Technology  Opinion  Panel  of 

v.i  :’ts  we  can  turn  to  for  advice  on  technology  developments.  Panel 
oers  will  be  asked  to  participate  in  at  least  six  15-minute  surveys 
18  months.  For  their  efforts,  members  will  get  full  survey  results 
no  will  be  entered  into  random  drawings  with  cash  prizes.  For  more 
information,  see  www.nwwbetopdog.eom. 


Opinions 

Americans  should  come  first 

While  you  report  that  President  Bush  advocates  lift¬ 
ing  the  H-1B  visa  cap  (www.nww.com,  DocFinder: 
2227)  you  ignore  that  Bush  also  stated, “Of  course, we 
want  every  job  that’s  ever  generated  in  America 
filled  by  Americans....”  (see  DocFinder:  2228).  Be¬ 
cause  the  H-1B  visa  provides  for  the  wholesale  dis¬ 
placement  of  qualified  U.S.  workers  by  less  costly 
indentured,  foreign  workers,  Bush  is  speaking  out  of 
both  sides  of  his  mouth. 

Before  calling  on  Congress  to  increase  the  H-1B 
cap,  the  president  should  call  for  minimal  safeguards 
in  the  H-1B  program, such  as  those  proposed  by  Rep. 
Bill  Pascrell  (D-N.J.)  in  his  Defend  the  American 
Dream  Act  of  2005  (H.R.  4378).  Many  employers 
legally  hire  H-1B  workers  and  then  shop  them  in 
direct  competition  with  U.S.  workers.  Other  employ¬ 
ers  force  Americans  to  train  their  H-1B  replacements. 
A  recent  study  found  that  H-1B  workers  earn  signifi¬ 
cantly  less  than  U.S.  workers  with  the  same  skills. 

The  Programmers  Guild  (www.programmersguild. 
org)  represents  many  qualified  but  unemployed  U.S. 
tech  workers. H.R. 4378  merely  requires  employers  to 
consider  qualified  Americans  before  hiring  an  H-1B. 
Mr.  President,  are  you  with  us  or  against  us? 

Kim  Berry 
President 
The  Programmers  Guild 
Summit,  N.J. 

Deregulation's  drawbacks 

Regarding  Mark  Gibbs’  call  for  a  national  networking 
policy  (DocFinder:  2229):  The  U.S.  market  once 
enjoyed  the  finest  and  most  sophisticated  array  of 
telecom  services  the  planet  had  to  offer.  What  we 
had  worked,  and  it  worked  rather  well.  It  has  been  a 
painful  death  spiral  since  deregulation. 


While  I  am  a  staunch  advocate  of  free  enterprise 
and  free  markets,  perhaps  it  is  time  that  we  admitted 
things  may  have  worked  better  under  a  regulated 
monopoly  structure.  At  least  someone  actually 
answered  the  phone  when  you  called  for  service. 
Someone  actually  showed  up  who  could  fix  your 
problem  on  the  first  service  call  and  had  all  the  parts 
they  needed. 

For  large  telcos,  it  hasn’t  been  about  service  for  a 
long  time,  and  it  isn’t  even  about  customers  any 
more.  It’s  about  someone  squeezing  one  more  nickel 
out  of  somewhere  before  leveraging  something  in 
yet  another  round  of  financing  and/or  acquisition, 
and  then  telling  us  how  life  will  be  better  in  yet 
another  reconfigured  arrangement  of  otherwise 
well-meaning  individuals  who  don’t  quite  know 
what  they  are  supposed  to  be  doing  in  the  first 
place,  because  the  rules  change  every  day 

George  Nezlek 
Associate  professor,  information  systems 
Grand  Valley  State  University 
Allendale,  Mich. 

Standards  vs.  practicality 

Regarding  Scott  Bradner’s  column,  “Apple  and  the 
value  of  standards”  (DocFinder:  2230):  It  would  also 
be  fair  to  say  that  standards  are  not  always  the  best 
implementation  of  a  particular  technology.  When 
one  looks  at  the  complexity  of  X.400  vs.  SMTP  or 
Skype  vs.  trying  to  roll  your  own  Session  Initiation 
Protocol-based  solution,  the  issue  is  not  the  stan¬ 
dard  used  but  the  practicality  of  the  solution. 

Waleed  Hanafi 
Consultant 
Singapore 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


p||.  Readers  respond 

Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  1030 
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THROUGH  CHANNELS 


Ken  Presti 


Enter  the  age  of  the  warm,  fuzzy  IT  integrator 


Your  technology  integrators  want  to  know 
what  keeps  you  awake  at  night. 
Don’t  worry  They’re  not  going  to  offer  to 
sing  something  soft  and  soothing  over  your  plain 
old  telephone  service  line  at  3  a.m.  But  many  are 
taking  their  consultative  capabilities  to  a  whole 
new  level. 

Value-added  resellers,  integrators  and  others 
in  the  indirect  sales  channel  are  beginning  to 
get  much  more  in  tune  with  the  actual  business 
issues  their  customers  face,  as  opposed  to 
merely  touting  the  benefits  of  a  particular  prod¬ 
uct  offering  to  their  overall  customer  base.  The 
reason  is  this:  As  technologies  become  more 
complex  and  more  tightly  interwoven,  changes 
tend  to  have  more  far-reaching  effects  on  net¬ 
works  than  ever.  Thus,  getting  it  right  the  first 
time  requires  a  detailed  knowledge  of  how  all 
that  technology  will  be  used  in  the  context  of  a 
customer’s  business. 

Ultimately,  technology  is  about  solving  prob¬ 
lems.  And  if  I’m  going  to  solve  a  problem,  I  need 
to  have  a  real  good  idea  of  what  that  problem  is. 
So  don’t  be  surprised  if  your  channel  partner 
starts  asking  a  lot  of  nosy  questions  about  how 
your  company  does  whatever  it  does,  or  if  the 


sales  rep  wants  to  talk  to  other  people  in  your 
company  about  how  they  do  particular  tasks.  By 
getting  this  information  first,  they’re  trying  to  do 
the  right  thing. 

In  fairness  to  my  brothers  and  sisters  in  the 
channel,  technology  has  never  been  something 
that  could  be  successfully  sold  in  a  vacuum 
without  regard  for  a  customer’s  needs  —  at  least 
not  by  salespeople  who  cared  about  their  repu- 

If  I’m  going  to  solve  a 
problem,  I  need  to  have 
a  real  good  idea  of  what 
that  problem  is. 

tations  and  wanted  to  build  long-term  customer 
relationships. 

But  the  necessity  to  understand  customers’ 
business  needs  is  quickly  rising,  and  this  is  a 
good  thing.  Differentiation  is  getting  harder  and 
harder  to  achieve  at  the  lower  end  of  the  Open 
Systems  Interconnection  stack.  And  while  tech¬ 
nology  has  always  been  about  delivering  the 
application,  that’s  more  true  than  ever.  Adding 


value  is  increasingly  vertical.  It’s  about  what  you 
do  and  how  you  do  it. 

For  example,  not  long  ago,  going  to  work  meant 
traveling  to  an  office.  Next,  remote  access  was  a 
good  idea  for  most  people,  but  we  had  to  plug  in 
a  lot  of  stuff  —  open  software  and  so  on.  Now,  I 
walk  into  my  home  office  with  a  cup  of  coffee, 
press  one  button  and  everything  pretty  much 
comes  up  dynamically  After  getting  to  this  point, 
how  is  anybody  supposed  to  offer  me  anything 
useful  without  knowing  what  1  do  and  how  I  do  it? 

The  flip  side  of  all  this  from  a  corporate  cus¬ 
tomer’s  point  of  view  involves  determining  what 
information  and  practices  you’re  willing  to 
share,  and  with  whom.  Evaluate  this  in  advance. 
Discuss  it  with  different  groups  in  your  organiza¬ 
tion.  But  recognize  that  more  information  close 
to  the  vest  gives  an  integrator  less  opportunity  to 
leverage  technology  to  keep  you  competitive 
over  time.  So  to  adapt  an  old  cliche  that  used  to 
pertain  to  routing  and  switching:  Share  what  you 
can;  protect  what  you  have  to. 

Presti  is  research  director  of  IDC's  Network 
Channels  and  Alliances  service.  He  can  be 
reached  at  kpresti@idc.com. 


YANKEE  INGENUITY 
Howard  Anderson 


China,  Incorporated 


There  are  two  questions  of  concern  to  every¬ 
one  in  the  industry:  Where  will  new  commu¬ 
nications  companies  come  from?  Who  will 
finance  them?  Answer  No.  1 :  China.  Answer  No.  2: 
U.S.  venture-capital  firms. 

Last  month  I  attended  a  board  meeting  in  China 
and  was  blown  away  by  the  work  ethic,  systemat¬ 
ic  approach  and  hunger  entrepreneurial  Chinese 
companies  have  to  become  major  players  in  the 
world  market.  Chinese  technology,  while  still  five 
years  behind  ours,  is  rapidly  catching  up.  Firms 
such  as  Motorola  and  Qualcomm  have  major 
beachheads  in  China  —  not  just  because  of  low- 
cost  manufacturing  but  also  because  of  first-rate 
talent.  Bill  Gates  has  been  quoted  as  saying  his 
Chinese  R&D  lab  is  the  second-most  productive 
in  the  world. 

What  is  not  obvious  is  the  financial  muscle 
behind  this.  U.S.  venture  capitalists  are  falling  over 
themselves  to  invest  in  Chinese  communications 
companies  —  and  this  in  the  face  of  20  years  of 
bad  experience,  losses,  quirky  management  and 
questionable  ethics.  Why?  What  has  changed? 

There  are  two  views  of  China.  One  says  that  the 
first  U.S.  investors  into  Chinese  telecom  compa¬ 
nies  are  going  to  get  clobbered,  robbed  blind  by 
their  partners  and  find  their  intellectual  property 
seeping  out  the  door.  The  second  view  is,  yes,  all 
that  may  be  true,  but  here  is  an  economy  that  is 
growing  10%  per  year,  generates  a  $100  billion 
trade  surplus  and  is  going  to  be  the  world’s  great¬ 
est  communications  customer  over  the  next  10 
years.  This  view  is  to  disregard  the  questionable 


ethics  and  lack  of  believability  in  all  financial 
reports,  and  regard  these  losses  as  just  the  entry 
cost  of  joining  the  club. 

Here’s  an  analogy  When  hungry  penguins  are 
on  an  ice  floe,  they  need  a  way  to  determine  if 
there  are  sharks  in  the  water.  They  start  jostling 
one  another  until  one  falls  in.  If  the  shark  grabs 
this  first  penguin,  the  rest  resist  fishing  for  a  time. 
If  no  shark  appears,  they  jump  in.  Kind  of 
Darwinian  game  theory. 

U.S.  venture  capitalists  are  the  penguins. 
Although  China  is  in  the  Wild  West,  Draper  Fisher 

U.S.  venture  capitalists 
are  falling  over  themselves 
to  invest  in  Chinese 
communications 
companies. 

made  a  ton  of  money  by  investing  in  Baidu,  the 
Google  of  China;  Greylock  Partners  and  NEA 
Ventures  are  the  new  limited  partners  in  China’s 
Northern  Light  Ventures;  and  IDG  Ventures  and 
Accel  Partners  are  putting  $250  million  into  a  new 
fund,  IDG-Accel  China  Growth.  Ollie  Curme,  my 
former  partner  at  Battery  Ventures,  has  invested  in 
a  Chinese  motorcycle  company  and  is  raising  a 
new  China-focused  equity  firm  called  Shanghai 
Ventures.  Let  me  know  if  you  see  a  trend  here. 

Look  at  it  this  way:  It  costs  $100  million  to  build 
a  carrier-class  equipment  company  in  the  United 


States,  with  most  of  the  money  going  for  engineer¬ 
ing.  But  suppose  you  could  hire  20  electrical  engi¬ 
neers  for  the  price  of  one  U.S.  engineer.  Suppose 
you  also  concluded  that  when  the  Chinese  gov¬ 
ernment  buys,  it  is  going  to  favor  domestic  suppli¬ 
ers  and  Chinese  entrepreneurs  who  know  how  the 
system  works  will  be  the  winners. 

I  sit  on  the  advisory  board  of  3Com,  which  has  a 
joint  venture  with  Chinese  vendor  Huawei  —  the 
same  Huawei  that  Cisco  sued  a  few  years  ago  for 
stealing  its  router  code.  So  far,  the  joint  venture  is 
exceeding  3Com’s  expectations. 

Capital  moves  to  places  where  it  is  welcomed, 
where  returns  are  good.  U.S.  venture  firms  have 
concluded  that  investing  in  telecom  in  the  United 
States  is  suboptimal  now.  But  they  are  willing  to 
add  country  risk  to  technical  risk,  financial  risk 
and  market  risk,  and  invest  in  a  country  where 
lawlessness  is  still  rampant, capital  always  seem  to 
go  in  but  not  come  out  and  intellectual  property 
rights  seem  to  fall  right  behind  human  rights.They 
look  at  a  China  that  is  reinventing  itself  monthly 

Napoleon  said, “Do  not  awaken  China.”That  was 
almost  200  ago.  Today,  China  is  awake  and  ener¬ 
getic,  and  has  funding  from  the  most  deep-pocket¬ 
ed  of  sources  —  the  U.S.  venture  community 

Anderson  is  the  founder  of  The  Yankee  Group  and 
YankeeTek,  and  a  co-founder  of  Battery  Ventures.  He 
lectures  on  technology  at  the  Massachusetts 
Institute  of  Technology  and  speaks  on  technology 
subjects  at  meetings  across  the  country.  He  can  be 
reached  at  handerson@yankeetek.com. 
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depends  on  the  most  complete  and  secure,  application-aware  network 
new  AT&T  to  take  on  other  video  game  designers  from  coast  to  coast. 
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Inside  this  issue: 


Piecing  together  the  next- 
generation  IT  architecture 


We  continue  exploring  the  business  practices,  prod¬ 
ucts  and  technologies  giving  form  to  New  Data 
Center  architectures.  Our  third,  annual  series 
launches  with  a  spotlight  on  best  practices. 
Beginning  at  right,  you’ll  find: 
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JrtAKING  SECURITY  A 
SHARED  RESPONSIBILITY 

Security  icon  Rhonda  MacLean  contends  that  a 
no-perimeter,  cultural  revolution  is  mounting  as 
enterprises  build  New  Data  Center  defenses. 
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NEW  flATA  CENTER  These  seven  prod¬ 
ucts  may  be  right  at  home  in  your  next-generation 
infrastructure. 
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Early  adopters  give  tips  on  how  to  pick  —  and 
cost  justify  —  New  Data  Center  technologies. 


BY  ANN  BEDNARZ 

When  you  put  a  new  application  release  into  production  and  it  brings  your  servers  down  despite  pre¬ 
rollout  testing, you  know  your  best  practices  are  begging  for  an  overhaul.  Such  was  the  case  at  com¬ 
petitive  game  provider  World  Winner,  in  Newton,  Mass.  Joe  Bai.CIO  and  vice  president  of  technology, 
describes  the  problems  that  prompted  him  to  begin  rethinking  IT  best  practices  and  investigating  next-generation 
change  management  tools. 

“I  was  here  less  than  three  weeks  when  we  put  a  release  out  and  it  didn’t  work,  it  wasn’t  that  the  new  functionality 
wasn’t  appropriate  or  wasn’t  performing  the  way  we  expected. The  Web  servers  didn’t  come  back,”  Bai  says. 

It  turned  out  the  version  of  Apache  running  in  the  development  and  quality  assurance  environments  wasn’t  the 
same  as  the  one  for  the  production  environment. “The  new  code  base  that  went  out  was  dependent  on  code  and 
configuration  parameters  that  weren’t  there.” 

The  team  had  to  roll  back  the  release  and  find  the  discrepancies.“It  probably  cost  us  a  quarter  of  a  day’s  revenue,” 
Bai  recalls  of  the  2003  event. 

The  bigger  problem  was  that  such  issues  weren’t  unusual  for  WorldWinner  at  the  time.“We  had  a  number  of  releases 
that  went  out  and  required  eight,  10  or  12  patches  before  we  were  happy  enough  with  them  to  leave  them  up. That’s  just 
not  the  way  we  wanted  to  do  things,”  Bai  says. 

Over  the  last  two  years,  Bai  transformed  the  IT  department  from  fire-fighting  architects,  engineers  and  developers 
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to  a  lean,  agile  group  that  keeps  the  site  up,  stocked 
with  fresh  features,  and  anticipates  application 
enhancements  before  marketing  staff  comes  asking 
for  them. 

No  single  project  fixed  WorldWinner’s  problems. 
Rather,  Bai  launched  multiple  best  practice  efforts 
aimed  at  implementing  better  change  management 
practices, stronger  version  control  and  other  improve¬ 
ments  related  to  software  releases. 

One  tool  in  Bai's  arsenal  is  mValent’s  Integrity 
suite,  which  automates  application  configuration 
management.  The  mValent  technology  helps  devel¬ 
opers  recognize  configuration-related  inconsisten¬ 
cies  and  automatically  makes  changes  to  the  under¬ 
lying  application  infrastructure.“A  lot  of  things  had  to 
come  together,  but  they’re  all  based  on  really  know¬ 


ing  the  environments  and  getting  good,  instrumented 
and  measured  software  out  the  first  time,”  Bai  says. 

He  advises  others  who  want  to  shore  up  application 
processes  used  in  New  Data  Center  (NDC)  architec¬ 
tures  to  think  long  term. “Don’t  try  to  solve  an  entire 
problem  at  once.  Look  at  it  on  an  ongoing  basis  — 
and  don’t  assume  you  ever  have  it  solved,”  Bai  says. 

That’s  advice  to  remember  as  you  evaluate  the  latest 
technologies  aimed  at  gleaning  greater  efficiencies 
from  existing  IT  resources. Virtualization  can  bolster 
server  and  storage  utilization  rates  and  reduce  admin¬ 
istration,  vendors  say  If  consolidation  is  the  objective, 
blade  servers  offer  space-saving,  power-conserving 
features.  A  services-oriented  architecture  (SOA)  prom¬ 
ises  easily  combined,  modular  software  components, 
while  application  and  systems  management  experts 
propose  tools  to  streamline  and  automate  manual 
tasks  that  bog  down  corporate  processes. 

Early  adopters  who  have  deployed  such  NDC  tech¬ 
nologies  learned  lessons  about  what  works  and  what 
doesn’t.Their  tips  often  suggest  new  ways  of  doing  IT. 

Choosing  wisely 

Before  making  a  commitment,  weigh  the  long-term 
viability  of  any  new  technology, says  Cliff  Dutton,  who 
is  the  former  CTO  at  Ibis  Consulting.  (Dutton  recently 


joined  Dynamic  Communication,  a  management 
consultancy.)  People  tend  to  focus  on  the  size  of  a 
vendor  when  considering  an  IT  purchase,  but  size 
isn't  the  only  determinant  of  a  product's  long-term 
success. 

“There  are  new  technology  offerings  from  large  ven¬ 
dors  that  have  the  same  characteristics  as  new  tech¬ 
nologies  from  smaller  vendors  —  they’re  not  well 
deployed  yet,  they’re  not  necessarily  going  to  be  sup¬ 
ported  in  the  long  run,”  Dutton  says.  “A  name-brand 
large  supplier  can  terminate  a  product  line  just  as 
easily  as  a  small  company  can  go  out  of  business.” 

Ibis,  which  provides  electronic  data  discovery  serv¬ 
ices,  deployed  in  the  fall  of  2004  Acopia  Networks’ 
storage  virtualization  switches.  These  new-style 
devices  attach  to  network-attached  storage  (NAS) 


appliances  and  virtualize  the  files  residing  on  them 
(see  related  story,  page  42). 

When  Dutton  first  talked  about  plans  to  virtualize 
his  company’s  200TB  storage  environment,  people’s 
reactions  made  him  think  he’d  taken  a  crazy  risk  on  a 
young  technology 

But  Dutton  had  clear  expectations  when  he  chose 
Acopia.  The  switches  let  Dutton  create  a  single  file 
system  across  multiple  devices, so  storage  administra¬ 
tors  at  the  Providence,  R.I.,  company  can  reallocate 
shares  and  balance  the  workload  across  multiple 
NAS  boxes  without  disrupting  users’  access  to  data. 

If  Ibis  can  process  more  data  more  efficiently  using 
existing  capacity  and  staff  resources,  then  the  com¬ 
pany’s  bottom  line  grows.’Anything  that  improves  our 
ability  to  administer  the  storage  environment  has  im¬ 
pact  on  the  business,”  Dutton  says. 

To  reduce  the  risk  of  project  failure,  IT  buyers  and 
vendors  need  to  be  on  the  same  page.  “People  need 
to  be  very  clear  about  their  expectations  technically 
of  what  a  new  vendor  in  their  shop  is  intended  to  do,” 
Dutton  says.“You  need  to  write  it  down,  and  you  need 
to  get  explicit  commitment  from  the  vendor  to  sup¬ 
port  the  achievement  of  those  requirements.” 

Users  also  need  to  understand  that  not  all  devices 
are  created  equal.Take  blade  servers,  some  of  which 


are  diskless  and  some  that  aren’t.  Albridge  Solutions 
chose  the  former  option, from  Egenera,to  consolidate 
and  virtualize  its  server  environment. 

Egenera’s  blade  servers  consist  of  only  processors 
and  memory,  while  other  blade  servers  have  internal 
hard  drives  and  boot  internally,  says  Rao  Pallepati, 
vice  president  of  IS  and  security  at  Albridge  in 
Lawrenceville,  N.J.,  which  offers  customer  data  man¬ 
agement  software  for  financial  institutions.  “If  you 
look  at  other  blade  servers,  they’re  only  saving  space 
and  power,  they’re  not  really  doing  much  virtualiza¬ 
tion,”  Pallepati  says. 

When  it  comes  to  new  technologies, “healthy  skepti¬ 
cism  is  good ’’says  Tony  Plasil,  principal  and  head  of 
investment  technology  at  STW  Fixed  Income  Man¬ 
agement  in  Carpinteria,  Calif. 

The  specialty  bond  management  firm  is  an  early 
adopter  of  Corticon  Technologies’  business  rules 
management  software.  STW7  uses  Corticon’s  rules 
engine  to  make  sure  investment  transactions  don’t 
violate  any  account  guidelines,  such  as  a  customer’s 
limits  on  holdings  in  a  certain  industry  STW  integrated 
the  rules  engine  directly  with  its  trading  application 
so  that  violations  can  be  detected  in  real  time,  before 
a  trade  is  executed. 

Rules  engines  are  generating  a  lot  of  buzz,  but 
enterprise  IT  executives  need  to  be  aware  of  their 
limitations,  Plasil  says. “Don’t  get  fooled  by  the  tem¬ 
plates,  the  GUIs.  If  a  vendor  shows  you  how  easy  it  is, 
be  skeptical.” 

In  particular,  if  a  vendor  starts  referring  to  alternative 
methods  of  defining  rules,  then  listen  carefully.“When 
it  starts  talking  about  being  able  to  drop  down  into 
some  kind  of  code,  be  very  watchful,”  Plasil  says.’That 
means  you’re  probably  going  to  be  writing  a  lot  of 
your  rules  in  code,  and  they  aren’t  going  to  be  sup¬ 
ported  by  the  application.” 

Plasil  may  have  sacrificed  some  ease  of  use  with 
Corticon’s  technology,  but  he’s  not  limited  in  the  rules 
he  can  define.  That’s  just  the  way  Plasil  wants  it,  and 
he  never  intended  to  relegate  rule-making  tasks  out¬ 
side  of  IT  anyway.“It’s  much  better  for  our  firm  not  to 
have  any  gaps  and  to  have  this  controlled  by  a  senior 
business  analyst  and  not  have  a  whole  bunch  of  peo¬ 
ple  able  to  put  rules  in.” 

Help  from  inside 

Part  of  WorldWinner’s  application  overhaul  involved 
new  technologies,  such  as  mValent’s  Integrity  but  per¬ 
sonnel  and  process  changes  also  have  made  a  big 
impact,  Bai  says. 

One  of  the  lead  engineers  at  WorldWinner  recently 
started  a  lunch  series  where  people  talk  about  what 
they’re  working  on  —  what  they  think  is  cool,  what 
they  need  help  with,  and  the  impact  of  changes  to 
third-party  development  tools. 

It’s  turned  out  to  be  a  great  venue  for  swapping 
ideas  and  encouraging  code  reuse,  Bai  says.  The 
meetings’  informality  is  crucial. 

“We’re  too  small  to  be  formal.  I’ve  found  that  these 
lunch  sessions  are  infinitely  more  efficient  than  trying 
to  convince  a  developer  that  he  needs  to  document 

See  Best  practices,  page  36 


real  trick  is  getting 
vendors  to  support  their 
software  running  in  a 
virtual  machine.  It’s  been 
more  of  a  problem  than  I 
would  have  anticipated  it 
belr*. 

Doug  Baer, 

systems  engineer,  Desert  Schools  Federal 
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Poor  application  performance  is  a  problem 
with  which  many  IT  departments  are  all  too 
familiar.  An  August  2003  study  by  Network 
World  and  Racketeer  found  that  more 
than  60%  of  the  IT  respondents  had 
experienced  significant  application  per¬ 
formance  degradation  -  a  number  that 
climbed  to  nearly  85%  for  companies  with 
revenues  exceeding  $1  billion. 

This  problem  has  negative  effects 
throughout  a  business,  from  reduced 
employee  productivity  to  increased 
customer  dissatisfaction  and  loss  of 
business.  It  also  significantly  reduces  IT 
department  efficiency,  as  staff  members  are 
repeatedly  pulled  away  from  development 
projects  to  troubleshoot  performance 
issues. 

Why  monitor  application 
performance? 

Companies  have  many  reasons  for 
monitoring  application  performance. 

A  major  insurance  company  wanted  to 
proactively  track  compliance  with  service 
level  agreements  (SLAs).  The  company  also 
wanted  to  test  how  infrastructure  changes 
(such  as  consolidating 
servers)  would  affect 
end-user  response 
times,  as  well  as  reduc¬ 
ing  troubleshooting 
time  by  seeing  exactly 
what  was  happening  at 
the  time  a  problem 
occurred. 

A  large  financial  services  company  consid¬ 
ers  good  application  performance  to  be  an 
end  in  itself.  "Efficient  operation  of  our 
networked  applications  is  a  key  element  in 
attaining  our  corporate  vision,"  says  the 
company's  IT  manager.  "In  addition  to 
delivering  high  levels  of  performance  to  our 
large  user  base,  we  need  to  make 


sure  that  new  applications  won't  introduce 
performance  bottlenecks  before  rolling 
them  out." 

A  major  northeastern  commercial  bank 
values  good  application  performance 
because  it  maintains  end  users'  productivi¬ 
ty  -  so  when  problems  do  occur,  the  bank 
needs  to  troubleshoot  them  efficiently.  "We 
were  spending  a  minimum  of  20  hours  a 
month  -  sometimes  up  to  two  or  three 
weeks  -  trying  to  diagnose  the  cause  of 
application  slowdowns,"  says  a  network 
engineer.  "We  just  didn't  have  the  staff  to 
keep  doing  that."  A  particular  problem, 
he  notes,  was  trying  to  determine  if  a 
slowdown  was  a  network  issue  or  a  server 
issue.  "When  our  network  team  thought  it 
was  a  server  problem,  the  server  team 
would  often  claim  it  was  a  network  prob¬ 
lem,"  he  said.  "It  was  difficult  to  pinpoint 
the  exact  trouble  spot." 

Fluke  Networks  SuperAgent 
to  the  rescue 

All  three  of  these  companies  have  found 
that  Fluke  Networks'  SuperAgent 
Application  Performance  Analyzer  provides 


accurate,  detailed  insight  into  end-user 
response  times  throughout  the  enterprise. 
As  a  result,  IT  staff  can  quickly  determine 
whether  a  problem  is  network,  application, 
or  server  related  and  can  rapidly  resolve  the 
issue. 

For  example,  according  to  the  insurance 
company's  IT  manager,  "SuperAgent  helps 
us  better  serve  our  end  users  by  being 


"When  our  network  team  thought  it  was  a 
server  problem,  the  server  team  would  often 
claim  it  was  a  network  problem.  It  was 
difficult  to  pinpoint  the  exact  trouble  spot." 

-  Network  engineer  from  a  major  commercial  bank 


Solving  Application  Performance  Problems 

A  Proactive  Approach 


proactive  with  appli¬ 
cation  performance 
issues  -  and  being 
able  to  more 
effectively  baseline 
application  perform¬ 
ance  helps  us  ensure 
that  we  meet  our 
established  Service 
Level  Agreements  for 
transaction  times." 

When  problems  do 
arise,  he  notes  that  SuperAgent  "can  mean 
the  difference  between  a  one-hour  slow¬ 
down  and  a  one-day  slowdown." 

The  financial  services  company  has  found 
that  SuperAgent  helps  with  everything  from 
service  level  management  to  resolving 
performance  issues  to  capacity  planning. 
The  solution  also  has  virtually  eliminated 
finger  pointing  and  wasted  cycles.  "Before, 
we  could  easily  spend  four  hours  trying  to 
determine  the  cause  of  the  problem,"  says 
the  director  of  network  operations.  "With 
SuperAgent  monitoring  the  network  core, 
we  can  identify  the  trouble  cause  in  about 
15  minutes."  As  a  result,  development 
teams  spend  their  time  creating  and 
deploying  needed  applications  rather  than 
being  bogged  down  resolving  problems. 

The  commercial  bank  finds  that 
SuperAgent's  performance  monitoring 
capabilities  make  the  IT  department  more 
proactive,  identifying  and  resolving 
problems  before  users  are  even  aware  of 
them.  The  tool's  enhanced  troubleshooting 
capabilities  save  them  at  least  20  hours  a 
month  -  plus  it  has  made  a  big  difference 
in  the  relationship  between  the  network 
and  server  teams,  replacing  finger  pointing 
with  cooperation.  "Now  the  server  team 
comes  to  us  when  they  have  a  problem  and 
asks  us  to  monitor  their  servers,"  says  a 
network  engineer.  "We  also  get  requests  for 


troubleshooting  help  from  other  business 
groups  in  the  main  office.  They  all  think 
SuperAgent  is  fantastic  -  they  are  over¬ 
whelmingly  impressed  with  its  reports." 
He  also  describes  a  case  where  slow  per¬ 
formance  of  a  vendor-hosted  application 
was  causing  a  department  to  fall  behind  in 
its  work.  SuperAgent  identified  the  vendor's 
server  as  the  source  of  the  problem,  and  the 
vendor  -  who  hadn't  previously  been  aware 
of  the  difficulty  -  was  able  to  quickly  fix  it. 

The  bank  is  so  impressed  with  SuperAgent 
that  it  soon  will  be  performing  full  server 
monitoring,  with  reports  on  server  avail¬ 
ability  and  alerts  when  utilization  levels 
exceed  a  fixed  percentage.  It  will  also  use 
SuperAgent's  results  to  set  up  SLAs  with 
its  branch  offices,  so  it  can  demonstrate 
compliance  with  agreed-upon  availability 
and  uptime  figures.  "We  just  couldn't  do 
any  of  this  without  SuperAgent,"  concludes 
the  bank's  network  engineer. 

For  more  information  about  application 
performance  management  solutions 
visit  www.flukenetworks.  com/ A  PM 
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possible  use  cases  for  his  code,  or  put  something  in  some 
documentation  store  that  everyone  else  is  supposed  to 
check,”  Bai  says.“It  just  doesn't  work.  But  if  they  chat  up  a 
new  feature  over  lunch,  it  even  works  better  than  talking 
about  it  with  a  product  manager.” 

When  an  NDC  project  is  focused  on  optimizing  busi¬ 
ness  processes  and  operations,  it’s  particularly  important 
for  IT  staff,  business  analysts  and  users  to  set  the  project 
agenda  together,  says  Robert  Salazar,  vice  president  of 
process  management  at  First  Horizon  in  Irving,  Texas. 
First  Horizon  selected  a  business  process  management 
(BPM)  suite  from  Fuego,  and  uses  the  tools  and  Fuego’s 
methodology  as  part  of  a  broad  effort  to  automate,  man¬ 
age  and  optimize  mortgage  loan  operations. 

Viewing  a  BPM  initiative  as  purely  an  IT  project  is  short¬ 
sighted,  Salazar  says.  By  insisting  on  collaboration 
throughout  the  design  and  development  phases,  First 
Horizon  had  few  surprises  or  forgotten  requirements 
when  it  completed  its  first  BPM  project,  he  says.“I  saw  the 
line-of-business  people  taking  ownership  of  project 
delivery  and  when  we  did  hit  those  couple  of  inevitable 
bumps  along  the  way,  they  would  resolve  them.  They 
were  as  much  interested  in  the  project  being  successful 
as  we  were.” 

Of  course,  no  matter  how  prepared  IT  is, some  surprises 
still  crop  up  post-rollout. 

Desert  Schools  Federal  Credit  Union  in  Phoenix  uses 
server  virtualization  technology  from  EMC  company 
VMware  to  cut  hardware  costs  and  speed  server  deploy¬ 
ments.  The  IT  department  first  tried  out  VMware ’s  Work¬ 
station  product  internally  to  create  a  test  environment  for 
development  projects. 

Later  it  deployed  VMware  s  server  products  in  the  IT  lab 
before  extending  the  technology  to  the  company’s  pro¬ 
duction  application  environment. 

While  IT  staffers  had  familiarity  with  how  the  technology 
works,  they  learned  even  more  when  the  rollout  ad¬ 
vanced  outside  the  lab, says  Doug  Baer, systems  engineer 
at  Desert  Schools.  Baer’s  advice  to  other  companies  con¬ 
sidering  a  virtual  server  environment  is  to  be  mindful  of 
what  an  application  is  doing  —  not  every  application  is 
a  good  candidate  for  a  virtual  machine.  “SQL  is  notori¬ 
ously  difficult,  because  it  hits  the  disk  a  lot,  and  disk  vir¬ 
tualization  is  expensive,”  he  says. 

In  addition.be  prepared  for  resistance  from  some  appli¬ 
cation  vendors.  Desert  Schools  looks  first  to  run  each 
new  application  on  a  virtual  machine,  but  some  projects 
can’t  be  run  on  a  virtual  machine  because  of  the  ven¬ 
dor’s  support  requirements,  Baer  says. 

"The  real  trick  is  getting  vendors  to  support  their  soft¬ 
ware  running  in  a  virtual  machine,”  he  says.  “It’s  been 
more  of  a  problem  than  I  would  have  anticipated  it 
being.” 

VMware  has  a  process  in  place  for  dealing  with  reluc¬ 
tant  independent  software  vendors,  and  that’s  been  help¬ 
ful,  Baer  says.  Over  time,  as  the  technology  becomes 
mainstream,  Baer  hopes  the  need  for  such  intervention 
will  disappear.“Being  near  the  bleeding  edge,  that’s  kind 
of  what  you  run  into.” 

When  you’ve  identified  applications  that  are  a  good  fit 


www.nww.com/NDCSOQ6/BP 


for  a  virtual  machine,  make  sure  the  infrastructure  is 
ready,  he  adds.“Take  the  time  to  design  the  virtual  infra¬ 
structure  to  be  as  redundant  as  possible,”  Baer  says.“Go 
for  servers  that  have  lots  of  RAM,  for  one  thing.  Also, 
have  redundant  connection  to  the  [storage-area  net¬ 
work],  redundant  power  supplies  and  redundant  net¬ 
work  connections.” 

New  systems,  new  roles 

No  new  technology  operates  as  an  island  —  integration 
for  the  most  part  is  unavoidable. 

STW’s  Plasil  recommends  that  companies  considering 
deploying  a  rules  engine  dig  into  the  details  of  how  an 
engine  can  be  linked  to  existing  systems  before  making  a 
purchase.  Corticon’s  technology  lets  STW  incorporate  the 
rules  engine  into  existing  business  applications  as  a  Web 
service,  for  example. 

Consider,  too,  how  any  new  technology  fits  into  the  bigger 
management  picture,  Dutton  says.  For  example,  Dutton  has 
worked  to  create  an  integrated  performance  monitoring 
framework  at  Ibis,  including  software  from  Mercury  Inter¬ 


need  to  be  addressed  are:  Who  owns  the  service?  Who  can 
have  access  to  the  service?  Who  is  responsible  for  main¬ 
taining  the  service?  Who  pays  to  maintain  the  service?” 

As  a  company  shifts  to  an  SOA  model,  job  roles  also  may 
need  to  change,  Page  adds.“Developers  will  need  to  begin 
to  think  differently  about  how  things  are  built.  Right  now 
many  think  a  service  is  just  taking  an  old  application,  plac¬ 
ing  a  service  facade  on  it,  and  calling  it  a  service.  A  service 
needs  to  be  thought  through  end  to  end,”  including  proper 
security  and  version  control,  he  says. 

“Some  roles  will  change,  others  will  just  take  on  responsi¬ 
bility  as  more  and  more  services  come  online.  For  exam¬ 
ple,  service  security  and  governance  could  become  full¬ 
time  positions,”  Page  says. 

Likewise,  using  BPM  tools  and  methodologies  requires 
a  different,  broader  way  of  thinking  than  some  develop¬ 
ers  and  business  systems  analysts  are  accustomed  to, 
Salazar  says. 

“You  have  developers  who  tend  to  want  to  be  very  heads- 
down,  focused  on  snippets  of  code.  And  you  have  business 
systems  analysts  whose  analysis  is  always  within  the  con- 


ien  it  comes  to  rules 
engines  don’t;  be  fooled  by 
the  templates,  the  GUIs. 
If  a  vendor  shows  you  how 
sy  it  is,  be  skeptical. 


Tony  Plasil, 

principal  and  head  of  investment  technology, 
STW  Fixed  Income  Management 


active  that  lets  IT  staff  view  a  broad  picture  of  data  center 
conditions  and  spot  potential  problems. 

Also  make  sure  that  any  new  gear  added  to  the  NDC  archi¬ 
tecture  is  compatible  with  the  existing  framework,  Dutton 
says.“If  you  leave  islands  of  functionality  that  are  not  under 
the  umbrella  of  performance  management  monitoring, 
then  you’re  going  to  have  holes  in  your  visibility’ 

If  a  company  is  building  an  SOA,  tools  for  managing, 
securing  and  monitoring  services  are  important,  says 
Tyrone  Page, senior  software  architect  at  JetBlue  Airways  in 
New  York.“lf  you  have  many  services  supporting  thousands 
or  even  millions  of  requests,  you  need  to  be  able,  at  a 
glance,  to  see  what  is  going  on  with  those  services. You 
need  to  be  able  to  see  if  the  service  is  up,  how  many  unau¬ 
thorized  requests  are  coming  in  and  where  they  are  com¬ 
ing  from,  and  you  want  to  be  able  to  throttle  and  redirect 
traffic  based  on  [service-level  agreements] .” 

The  need  for  governance,  in  particular,  shouldn’t  be  un¬ 
derestimated.  The  hardest  part  about  moving  to  an  SOA  is 
governance,  Page  says.  “When  services  are  built  and  con¬ 
sumed  at  the  enterprise  level,  some  of  the  issues  which 


text  of  the  constraints  of  the  system  that  they  built,”  Salazar 
says.“In  order  to  do  this  work, you  have  to  break  out  of  that.” 

One  way  to  help  along  the  training  process  is  to  use  the 
expertise  of  the  vendor.  During  First  Horizon’s  first  two 
BPM  projects,  an  architect  and  developer  from  Fuego 
worked  with  internal  staff  to  ensure  the  design  and  pro¬ 
cess  decisions  made  went  along  with  the  best  practices 
methodology  Fuego  espouses. 

Having  access  to  them  made  the  knowledge-transfer 
process  more  significant,  Salazar  says.“l  wouldn’t  expect 
as  an  organization  for  us  to  know  what  to  do  and  not  to 
do  the  very  first  time  we  tried.”B 
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YOUR  BRANCH  OFFICES 


ARE  GROUNDED  — AGAIN. 


Eliminate  network  delays  and  keep  your  enterprise  on-schedule. 


With  Packeteer  WAN  optimization  appliances,  your  business-critical  applications  are 
always  cleared  for  take-off.  They  give  you  monitoring,  control,  acceleration,  and 
management  all  in  one,  convenient  appliance.  What's  more,  you  can  control 
recreational  and  malicious  traffic  to  further  improve  employee  productivity.  The 
result?  Faster  access  to  business-critical  applications  and  happier  branch  office  users. 


Learn  how  to  keep  your  network  flying.  Go  to  www.packeteer.com  today. 


Only  Packeteer  gives  you: 
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500+  applications 


Flexible,  policy-based  control 
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Compare  1&1  with  other  companies  and  you'll  see  that  not 
all  web  hosts  are  created  equal.  You  want  the  most  web 
for  your  money,  so  you  need  a  web  hosting  specialist.  1&1 
focuses  all  its  resources  on  bringing  you  the  most  complete  host¬ 
ing  packages  at  some  of  the  best  prices  in  the  industry. 


It's  official:  the  gloves  are  off!  With  over  5  million  customers 
worldwide  and  more  than  a  decade  of  web  hosting  experience, 
1&1  stands  head-to-head  with  all  the  industry  heavyweights. 

Compare  for  yourself  and  see  why  1&1  is  the  world's 
#1  web  host. 
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Spotlight:  on  best 


BY  JOANNE  CUMMINGS 

s  enterprise  IT  executives  embrace  the  concepts  of  open,  logical, 

Web-based  computing,  they  also  must  rethink  their  security  best 

practices.  In  New  Data  Center  (NDC)  architectures, security  needs  to 
go  beyond  the  borders  of  the  enterprise  to  encompass  partners,  customers  and 
even  users.  Rhonda  MacLean,  former  head  of  security  for  Bank  of  America  and, 
before  that,  Boeing,  today  takes  on  that  tall  order  for  a  variety  of  enterprises.  She 
has  parlayed  her  experiences  into  a  position  as  principal  of  the  year-old  MacLean 
Risk  Partners  and  now  spends  her  time  advising  clients  about  how  to  quantify  and 
mitigate  security  risks  in  today's  NDC  environment.  In  this  Q&A,she  shares  her  lat¬ 
est  thinking  on  security  best  practices. 

As  enterprises  take  more  logical  views  of  computing  and 
build  NDC  architectures  in  support  of  global  supply  chains, 
how  do  security  best  practices  need  to  change? 

Global  supply  chaining  is  causing  de-perimeterization  of  our  IT 
environments.There  may  still  be  some  glass  houses  out  there,  but  the 
processing  is  going  on  virtually  all  over  the  world.  And  this  is  a  world 
in  which  sensitive  information  needs  to  be  shared  and  collabora¬ 
tion  needs  to  be  enabled.  So  enterprise  security  is  not  about  with¬ 
holding  access  anymore,  but  about  having  really  good  processes 
and  technologies  and  people  to  enable  sharing. 

Security  best  practices  need  to  be  adopted  universally  —  cross- 
company  cross-border,  cross-partner,  cross-customer.  Security  has 
to  be  a  shared  responsibility  among  the  primary  organization  and 
its  suppliers,  partners  and  customers. 

This  is  going  to  take  some  significant  cultural  evolution.  For  years 
we  said, ‘Security  is  the  weakest  link  in  the  chain.’ Well,  when  you 
controlled  the  whole  chain,  the  world  was  simple.  But  that  isn’t  the 
case  anymore.  Organizations  today  are  doing  virtualization,  grid 
computing,  Web  services  or  open  source  code  —  all  these  things 
are  occurring  and  converging  at  the  same  time.  Embracing  the 
notion  of  shared  responsibility  and  having  robust  governance  and 
assurance  processes  are  going  to  become  more  important  [than  ever]. 

So  security  needs  to  be  a  collective  responsibility? 

A  good  way  to  think  about  this  is  by  comparing  it  to  healthcare  and 
insurance.  If  you’re  a  smoker, your  premiums  are  high.  But  your  doctor 
—  cmqiqpjj  fy^dse  more  and  eat  more  broccoli, 

[and  your  insurance  company  says]  your  premiums  may  go  down  ir 
'to  yoij'jl  then  be  at  lower  risk. 

So  you  take  personal  responsibility  and  do  so.This  shows  the'cliain . " 111 . 

ffect,  if  you  will,  of  everybody  working  together  to  make  sure  that  you’re 
?  unaging  your  health. 

he  computing  environment  is  a  lot  like  that.  We’re  in  this  ecosystem 
■V  !v  everyone  needs  to  have  some  responsibility  for  the  health  of  the 
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Does  this  apply  to  governance  and  assurance 
as  well? 

Governance  is  complex.  Obviously  it  starts  with  compa¬ 
ny  policy.  And  you’ve  got  legal  and  regulatory  obligations 
wherever  you’re  doing  this  business. Those  are  givens. 

I  know  the  financial  industry  has  an  initiative  that  it’s 
working  toward  for  vendor  management,  around  the 
whole  compliance  of  vendors  that  financial  companies 
rely  on. Companies  want  to  get  some  assurances  from  their 
vendors  about  security  practices.  What  are  their  business- 
continuity  practices?  And  how  much  resiliency  is  built  in? 
I  want  to  make  sure  my  company  is  online  24  hours  a  day, 
seven  days  a  week,  365  days  a  year.  So  1  need  to  know  the 
best  practices  of  the  companies  in  that  supply  chain,  be¬ 
cause  today  I’m  dependent  on  delivering  those  services 
through  a  cast  of  characters. 

And  if  this  third  party  can't  meet  your  standards, 
then  you  don't  work  with  it? 

That’s  right.The  real  winners  will  be  the  ones  who  know 
how  to  do  that  —  because  of  the  criticality  and  the  com¬ 
petition  to  have  robust  capabilities. 

So  the  largest  companies  will  push  these  stan¬ 
dards  and  assurances? 

They  will.  And  the  more  companies  get  asked  about  their 
policies,  the  more  governance  and  oversight  they  see,  the 
more  they’ll  begin  to  build  security  in  upfront.  If  you’re 
going  to  be  a  part  of  this  global  supply  chain  . . .  integration 
of  security  and  resiliency  should  be  an  essential  part  of 
every  product  and  service.  Retrofitting  and  recovery  is 
much  more  expensive. 

Do  we  have  all  the  pieces  necessary  to 
secure  NOG  architectures? 

The  basic  security  concepts  around  protect, 
detect,  respond  and  recover  are  still  good.  And  so 
the  technologies  that  revolve  around  them  are  still 
important.  Now,  to  support  the  virtualization  of  this 
infrastructure,  we  need  to  have  some  investment  as 
well  as  maturing  and  evolving  of  capabilities  that  we’ve 
about  for  a  lone  time. 

rc 

_  H^fooperateina 

de-perimeterized,  global  environ’ 
ated  identities, which  will  be  tough, because  those  involve 
jlicy  agreements.  A  lot  of  work  needs  to  be  done  there. 
Also,  [we  need  to  better  understand]  the  concepts  of 
management  and  data-rights  management.  Where  is 
data?  Who  has  access  to  the  data?  What  is  the  data 


going  to  be  used  for?  What  does  the  data  retention  look 
like?  What  is  the  source  of  the  truth? 

The  concept  of  software  assurance  needs  additional 
work,  too,  given  the  emerging  world  of  allowing  more  open 
source.  Depending  on  where  you  are  —  if  you’re  in  China 
or  South  America  —  open  source  is  just  how  you  do  busi¬ 
ness  globally  So  how  do  you  know  whether  the  software 
you’re  using  contains  open  source  code  or  malware?  Is  it 
hidden,  or  is  it  just  sloppy  code? 

That,  operationally  can  have  significant  consequences. 
The  associated  risk  warrants  some  investment.  We  need  to 
better  understand  how  to  provide  and  deliver  on  software 
assurance. 

Is  there  a  security  best  practice  that  tends  to  be 
overlooked  in  the  NDG? 

Oftentimes  the  security  or  the  risk  professionals  are  not 
at  the  table  when  organizations  are  talking  about  new 
products,  services  or  capabilities. 

Why?  Are  they  seen  as  naysayers? 

I  don’t  think  so.  Most  understand  this  need  to  be  able  to 
share  sensitive  data  and  the  need  for  collaboration.  The 
issue  is  more  just  setting  up  good  processes  and  good 
relationships. 

I  was  fortunate  enough  to  work  in  two  great  companies 
where  security  was  considered  integral  and  involved  a  lot 
of  collaboration.  We  worked  hand  in  hand  with  the  busi¬ 
ness.  1  don’t  think  everybody  has  that.  I  know  when  I  talk  to 
many  chief  information  security  officers,  one  of  their 
biggest  complaints  is  that  they  don’t  often  know  some¬ 
thing  is  going  on  until  after  it’s  happened. 

That’s  the  real  missed  opportunity  —  to  leverage  that 
expertise.  [Companies  would  see  a  big  gain]  if  they  were 
able  to  get  some  of  the  security  best  practices  integrated 
into  the  existing  [product]  life  cycles.  Security  would  be¬ 
come  an  integrated  part  of  the  process. 

What  do  you  say  to  companies  that  balk  at  the 
potential  expense? 

Expense  depends  on  the  business,  its  risk  tolerance  and 
the  product  and  service.That’s  why  one  size  does  not  fit  all. 

company  needs  that  [C1S0] 
expertise  at  the  table  —  someone  who  has  a  balancec 

tite.the  threats  and  vulnera¬ 
bilities  and,  most  importantly  what  the  customer  expect 
you  really  think  through  these  as  you  develop  New  Data 
Centers  and  associated  processes  when  you’ve  virtualized 
the  data  centers, you  can  in  the  long  run  save  the  company 
money.  If  you  do  it  right  the  first  time,  it’s  generally  cheaper. 


Isn't  the  cost  of  security  difficult  to  quantify? 

I’m  a  big  believer  in  metrics  and  measurement.  Financial 
institutions  are  well  versed  in  the  discipline  of  credit  and 
market  risk.  They  have  scientific,  quantitative  approaches 
to  figuring  out  their  exposure  in  a  credit  or  market  risk. 
Right  now,  the  concept  of  operational  risk  is  just  emerging. 
There  are  some  quantitative  capabilities  out  there,  but 
there’s  a  lot  of  folk  art  too. 

There  are  some  companies  that  do  threat  assessments 
and  publish  reports  —  Symantec  puts  out  a  very  good 
threat  assessment,  for  example.  We  need  to  start  getting 
some  real  metrics  and  measures  around  risk  assessments 
that  have  been  done.  We  need  these  so  that  we  can  start 
quantifying  as  well  as  prioritizing  the  investment  a  com¬ 
pany  might  need  to  make.  It  will  help  leverage  an  invest¬ 
ment,  so  you’re  not  overdoing  or  underdoing,  but  you’re 
adequately  covering  it. 

The  more  information  we  can  get  about  the  risk  appetite, 
the  risk  profile  of  an  organization  —  how  much  is  within 
the  walls,  outside  the  walls,  are  you  using  a  lot  of  open 
source?  Your  profile  could  change  based  on  the  way 
you’re  doing  business.  Knowing  that  and  being  able  to 
look  at  your  organization  and  the  process  flows  is  where 
you  can  get  innovative. 

From  your  experience,  what  would  you  offer 
as  a  lesson  learned  regarding  security  best 
practices? 

One  of  the  challenges  in  this  business  is  getting  to  the 
root  cause.  So  not  jumping  to  conclusions  before  you 
have  your  facts  and  data  is  important.  As  you  communi¬ 
cate  what’s  going  on,  it’s  OK  to  say, ‘I  don’t  know  yet.’ 

[Also  important  is]  working  with  executives  and  part¬ 
ners  and  being  in  this  together  to  stay  calm  through  the 
crisis  and  keeping  your  wits  about  you  and  being  willing 
to  go  through  the  process.  1  look  at  a  lot  of  this  as  process 
—  collecting  your  facts  and  data  and  then  acting  on  facts 
and  data. 

The  key  is  to  be  flexible,  innovative  and  build  strong 
relationships  —  relationships  are  so  critical  in  this  equa¬ 
tion  — to  be  able  to  call  on  the  people  you  need,  to  get 
their  support.  Everybody  working  together  is  critical  to 
the  success.  It’s  all  about  relationships,  [and  even  more  so 
WNDC] ,  becuusfj-tWwj  alienees 

may  not  be  within  your  own  organization  ot  coiporate 

responsibility 

Cummings  is  a  freelancer  writer  in  North  Andooet;  Mass. 
She  can  be  reached  at  jocunmings®comcasl.net. 
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NDC  tips  S  tools 


in  the  New  Oeta  Center 

These  seven  products  may  be  right  at  home 
in  your  next-generation  infrastructure. 


At-a»giance 


These  seven  tools  represent 
some  of  the  innovative 
technologies  for  the  New 
Data  Center. 

Acopia  Networks 

Adaptive  Resource  Switch 
Type  of  tool:  Storage  virtualization  switch.  What 
it  does:  Improves  storage  utilization  and  lowers 
costs. 

AmberPoint 

AmberPoint  5.0 
Type  of  tool:  Service-oriented  architecture 
management  software.  What  it  does:  Analyzes 
and  monitors  performance;  handles  exceptions  and 
secures  SOA  environments. 

□ataSynapse 

GridServer  Virtual  Enterprise 
Edition 

Type  of  tool:  Grid  computing  software.  What  it 
does:  Grid-enables  applications;  focused  largely 
on  the  financial  services  industry. 

Enigmatec 

Execution  Management  System 

I  Type  of  tool:  Policy-based  automation  software. 
What  It  does:  Intended  to  codify  human  decision¬ 
making  processes  to  automate  management  in 
SOA  environments. 

iGonclude 

iConclude  Repair  System 
Type  of  tool:  Management  automation  and 
diagnosis  platform.  What  it  does:  Automates 
repair  of  problems  based  on  predefined  scripts; 
provides  diagnostic  aids. 

Mirage  Networks 

Mirage  NAC 

Type  of  tool:  Network  access  control  software. 
What  it  does:  Identifies  vulnerabilities  in  clients 
before  they  connect  to  the  network  as  well  as 
anomalies  while  they  are  connected. 

Ssrrffcricifcy 

v'ofcricity  Desktop 
I  , ,  i-  of  tool:  Application  virtualization  software. 

at  <t  vtoes;  Centralizes  Windows  applications 
and  streams  thorn  to  clients  on  an  as-needed  basis, 

1  :>r  si;  opiified  management  and  deployment 

'  in.  -i.'lflR  a 


BY  PAUL  DESMOND 

s  companies  migrate  to  New  Data  Center 
architectures.it  stands  to  reason  that  they’ll 
look  at  a  wide  range  of  vendors  with  new 
tools  to  help.  Here  are  seven  promising  products. 

Acopia  Networks’  Adaptive  Resource  Switch 

As  the  volume  of  data  grows,  so  do  the  challenges  sur¬ 
rounding  data  management,  from  adding  storage  devices 
to  increasing  the  staff  to  manage  them.  Acopia  Networks’ 
Adaptive  Resource  Switch  (ARX)  can  help  out.  The  in- 
band  ARX  front-ends  network-attached  storage  (NAS) 
devices  and  other  file  servers,  acting  as  a  proxy  for  down¬ 
stream  clients.  ARX  provides  a  single  global  namespace 
for  multiple  file  storage  systems,  resulting  in  a  virtual  stor¬ 
age  environment.Virtualization  provides  transparent  data 
migration,  load  balancing  and  a  tiered  storage  infrastruc¬ 
ture  that  delivers  on  an  information  life-cycle  manage¬ 
ment  plan,  says  Tony  Asaro,  head  of  Enterprise  Strategy 
Group’s  storage  lab. 

“NAS  virtualization  is  a  hot  topic,  and  [large  enterprises] 
all  say  they  are  either  evaluating  or  considering  Acopia 
ARX,”  Asaro  says.  Competitors  are  EMC,  via  its  Rainfinity 
acquisition,  and  start-up  NeoPath  Networks,  which  is  like¬ 
wise  getting  traction,  he  says. 

Acopia’s  customer  list  includes  Boston.com,  Goldman 
Sachs,  Merrill  Lynch.Toshiba  and  Warner  Music  Group. 

Ibis  Consulting,  a  Providence,  R.I.,  firm  that  helps  cus¬ 
tomers  with  electronic  discovery  in  response  to  litigation 
and  regulatory  compliance,  has  been  using  ARX  products 
since  January  2005.  Ibis  creates  a  virtual  path  name  for 
each  of  its  projects  and  assigns  some  amount  of  storage 
space,  but  it  never  knows  for  sure  how  much  storage  each 
project  will  require.  Its  two  ARX  switches  have  solved  that 
problem,  says  Cliff  Dutton,  who  had  been  Ibis  CTO  before 
joining  Dynamic  Communication,  a  management  consul¬ 
tancy,  early  this  year. 

“If  additional  storage  is  required,  it  happens  automati¬ 
cally  he  says.  “Ibis  has  avoided  about  30%  of  the  costs  it 
would  otherwise  incur  in  managing  the  storage  environ¬ 
ment,  which  consists  of  more  than  200TB  of  data. 

Spreading  data  across  multiple  NAS  systems  eliminates 
1/0  bottlenecks.  And  the  ARX  gear  creates  multiple  copies 
of  all  the  data  processed  for  more  back-up  security,  Dutton 
says  —  with  no  throughput  overhead  hit. 


AmberPoint’s  AmberPoint  5.0 

Enterprises  that  invest  in  a  service-oriented  architecture 
(SOA)  often  find  their  existing  management  tools  aren’t 
prepared  to  monitor  such  a  dynamic  environment.  Amber¬ 
Point’s  SOA  management  software  addresses  a  number  of 
challenges,  including  performance  analysis,  exception 
management,  validation  of  function  and  performance,  and 
secure  service  delivery 

AmberPoint  customers  include  Best  Buy,  Fujitsu,  Kaiser 
Permanente,  Motorola  and  Northern  Trust.  Many  of  the 
company’s  executives  come  from  Forte  Software,  an  enter¬ 
prise  application  integration  vendor  acquired  by  Sun. 

“I  like  AmberPoint’s  approach,”  says  Judith  Hurwitz,  presi¬ 
dent  of  the  consultancy  Hurwitz  &  Associates.“It’s  really 
done  its  homework  to  look  at  what  it  means  to  manage  an 
environment  where  piece  parts  and  components  that 
you’re  applying  to  a  problem  change  regularly  she  says. 

With  competitors  such  as  Actional  and  Blue  Titan  Soft¬ 
ware, AmberPoint  must  strike  the  right  partnerships, such  as 
with  major  systems  management  players  and  other  leaders 
in  the  SOA  space,  including  HR  IBM,  Oracle  and  SAR  to 
maintain  market  leadership,  Hurwitz  says. 

In  the  meantime,  AmberPoint  is  helping  MedicAlert 
identify  bottlenecks  and  ensure  its  Microsoft-based  Web 
services  infrastructure  meets  service-level  agreements, says 
David  Harrington,  CTO  for  the  MedicAlert  Foundation  in 
Turlock,  Calif. The  nonprofit  uses  Web  services  to  keep  data 
in  sync  between  clients’  E-HealthKey  USB  storage  devices 
and  its  central  data  repository 

“Implementing  the  service  interfaces  between 
E-HealthKey  and  our  repository  was  really  an  exercise 
in  connecting  two  legacy  databases,”  Harrington  says. 
“AmberPoint  was  the  best  dashboard  of  instrumentation 
for  us  to  see  how  we  were  doing.” 

AmberPoint  software  also  decrypts  and  encrypts  mes¬ 
sages  in  transit  and  provides  a  virtualization  capability  so 
that  multiple  MedicAlert  Web  services  can  be  aggregated 
to  look  like  a  single  service  to  outside  partners,  thus  sim¬ 
plifying  integration  and  adding  security. 

DataSynapse’s  GridServer 

The  idea  of  taking  collections  of  low-cost  computers  and 
pressing  them  into  doing  the  work  of  a  mainframe  fits  well 

See  Tools,  page  44 
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_THE  INVASION 

_DAY  11:  These  commoditized  clones  have  taken  over. 
Haven’t  been  outside  in  days.  Living  off  instant 
coffee  and  a  tin  of  breath  mints. 

_DAY  1Z:  They’re  breeding.  Multiplying.  Multiple 
apps.  Multiple  databases.  They  must  have  a  queen. 

_Help. . . me . . . . 
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Tools 

continued  from  page  42 

with  todays  do-more-with-less  ethic,  says  Dan  Kusnetzky,  a 
vice  president  at  IDC.  With  its  GridServer  Virtual  Enterprise 
Edition,  DataSynapse  is  focusing  on  one  of  the  market  seg¬ 
ments  where  the  technology  is  having  the  most  success: 
financial  services.  Customers  include  Credit  Suisse  First 
Boston,  Goldman  Sachs  and  Wachovia. 

“It  doesn’t  require  rocket  scientists  to  make  it  work  if  you 
already  know  Java, VisualStudio, C++  or  one  of  the  other  lan¬ 
guages  [DataSynapse]  supports,”  Kusnetzky  says.“It  has 
tools  to  help  people  in  [the  financial  services]  arena  devel¬ 
op  and  deploy  applications.” 

DataSynapse  isn’t  focused  solely  on  financial  services 
companies;  customers  also  include  human  resources  firm 
Hewitt  Associates  and  Nationwide  Mutual  Insurance 
Company,  for  instance.  But  having  some  focus  is  important 
for  a  smaller  company  in  the  crowded  grid  market.  Some 
30  vendors  address  various  pieces  of  the  puzzle,  Kusnetzky 
says.  Depending  on  the  proposal,  DataSynapse  could  run 
against  HP1BM,  Microsoft  or  Sun,  or  relative  old-timers  like 
Platform  Computing. 

Fbwerex,  which  markets  wholesale  energy  products,  has 
had  impressive  results  with  GridServer.The  Vancouver  com¬ 
pany  is  using  it  to  run  a  risk  analysis  application  from  Sun- 
Gard  dubbed  ZaiNet  Monte  Carlo  Value  at  Risk.  Jeff 
Gingera,  IT  director  and  security  officer  for  Fbwerex,  previ¬ 
ously  ran  ZaiNet  on  an  HP  DL560  four-way  computer.  With 
ZaiNet  now  on  the  grid,  an  average  report  runs  about  15 
times  faster,  while  the  most  complicated  is  about  twice  as 
fast.“One  used  to  take  six  to  10  hours;  it  now  finishes  in  8  to 
9  minutes,”  Gingera  says. 

DataSynapse  faces  the  same  challenge  as  any  grid  player: 
finding  ways  to  segment  older  applications  so  that  they  can 
take  advantage  of  grid  computing,  Kusnetzky  says. 

DataSynapse  is  well-positioned  in  that  regard,  Gingera 
says,  because  it  operates  at  the  sub-operating  system  level. 
This  means  an  application  sees  only  one  operating  system 
instance,  not  the  multiple  CPUs  in  the  background.  “That 
makes  it  easier  to  port  applications  to  the  grid” he  says. 

Enigmatec's  Execution  Management  System 

Enigmatec’s  Execution  Management  System  (EMS)  tries 
to  minimize  the  number  of  people  involved  in  managing 
networks.  All  sorts  of  management  tools  can  send  an  alert 
when  something  goes  wrong,  but  finding  a  fix  often  re¬ 
quires  a  lot  of  decisions.  EMS  is  intended  to  help  organiza¬ 
tions  define  the  steps  they  take  to  address  a  problem  —  say 
failing  over  an  application  to  a  back-up  server  —  then  exe¬ 
cute  those  steps  without  human  intervention. 

EMS  works  with  its  own  network  of  agents  and  a  com¬ 
pany’s  existing  management  and  provisioning  tools  to 
identify  problems  and  deploy  resources.  It  is  particularly 
focused  on  tasks  associated  with  NDC  architectures  such 
as  utility  computing  and  virtualization. “It’s  a  pretty  power¬ 
ful  story  says  John  Humphreys,  research  manager  for  IDC, 
noting  that  EMS  enables  companies  to  better  leverage 
management  tool  investments  they’ve  already  made. 

JPMorgan  Chase,  one  of  seven  customers,  uses  EMS  to 
address  system  failures  quickly  says  Shawn  Findlan,  vice 
president  for  global  credit  trading  and  global  emerging 
r  arkets  for  the  New  York  firm. “If  we  have  a  failure  in  a  pri¬ 
mary  data  center,  an  alert  will  go  off  and  the  Enigmatec 
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software  captures  that.  In  a  few  minutes,  Enigmatec  will 
automatically  migrate  that  application  to  a  new  data  center 
with  adequate  resources,”  he  says. 

Fblicy-based  automation  for  SOA  is  a  developing  market, 
Humphreys  says.  Competitors  include  other  young  compa¬ 
nies:  Cassatt,  Sychron  and  uXcomm.  BMC  Software,  HP  IBM 
and  Sun  are  expected  to  move  into  the  market. 

iConclude’s  iConclude  Repair  System 

iConclude,too,is  trying  to  address  management  problems 
in  the  New  Data  Center.  Repair  System,  an  agentless  plat¬ 
form,  automates  the  repair  of  some  problems  based  on  pre¬ 
defined  scripts.  And,  it  provides  diagnostic  aids  to  speed 
problem  resolution  by  administrators  or  staff. 

“This  is  a  firefighter’s-friend  kind  of  play”  says  Dana 
Gardner,  president  and  principal  analyst  at  Interarbor 
Solutions.  Rather  than  simply  reacting  to  problems  as  they 
occur,  Repair  System  “provides  triage  and  automation.” 

The  product  also  is  intended  to  help  customers  define 
and  adhere  to  repeatable  problem-handling  processes, 
such  as  those  defined  by  the  IT  Infrastructure  Library 


The  time  and  resources 
that  we’re  saving  far 
outweighed  the  cost  Eof 
the  Softricity  software!. 

MARTI  VANDEMORE, 

vice  president,  Heartland  Financial  USA 

IConclude  launched  Repair  System  last  November.  Its 
only  named  customer  is  NSRI  USA,  a  subsidiary  of  a  large 
Japanese  logistics  company  The  company  is  led  by  Sunny 
Gupta  and  other  veterans  of  Mercury  Interactive  and  its 
acquisition,  Performant.“Sunny’s  had  a  good  track  record  of 
success,”  Gardner  notes.“iConclude  can  be  given  a  serious 
look  in  an  RFP  process.”  Such  a  process  could  include  a 
number  of  competitors,  such  as  Indicative  Software,  Opnet 
Technologies  and  ProactiveNet.as  well  as  HPIBM, Microsoft 
and  Red  Hat. 

NSRI  began  looking  at  Repair  System  because  it  is  mov¬ 
ing  from  two  to  a  single  operations-support  center. ‘Tm 
looking  for  any  way  I  can  to  automate  functions,”  says 
Richard  Dixon,  vice  president  of  NSRI. 

The  company  came  up  with  an  immediate  use  for  Repair 
System.  NSRI  often  gets  electronic  data  interchange  (EDI) 
transactions  that  it  can’t  match  to  its  systems,  usually 
because  of  an  invalid  customer  or  location  code  coming 
from  an  overseas  region.  Previously,  a  programmer  would 
fix  the  data.  Using  Repair  System,  the  company  developed 
a  script  to  analyze  problem  EDI  transactions  and  deter¬ 
mine  whether  they  have  a  customer-  or  location-code  prob¬ 
lem.  If  so,  Repair  System  generates  an  incident  report  in  HP 
OpenView  Service  Desk  and  sends  the  source  an  e-mail 
describing  the  problem  and  how  to  fix  it. “[iConclude] 
totally  took  away  the  need  for  a  programmer  to  get  in¬ 
volved,”  Dixon  says. 

Mirage  Networks'  Mirage  NAC 

Network-access  control  tools  are  often  touted  for  their 
ability  to  ensure  that  potentially  vulnerable  clients  in  re¬ 
mote  locations  don’t  connect  to  a  network.  Mirage  NAC 
takes  that  concept  a  step  further. 

It  not  only  conducts  pre-admission  checks,  using  the 
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McAfee  Foundstone  Vulnerability  Management  System,  but 
also  continually  checks  for  anomalous  behavior  while 
clients  are  connected.  Any  offenders  are  isolated.  Mirage 
detects  anomalous  behavior  by  maintaining  a  map  of  un¬ 
used  IP  addresses  and  sending  an  alert  whenever  a  device 
tries  to  access  one  of  them, says  Chris  Liebert, senior  analyst 
with  The  Yankee  Group.“It’s  a  good  approach,” she  says. 

Customers  include  high-tech  companies  National  Instru¬ 
ments  and  OnDemand  Software;  law  firm  Hogan  &  Hart- 
son;  and  Pennsylvania  State  University  Users  report  Mirage 
NAC  has  dramatically  decreased  the  time  it  takes  to  find 
problem  devices  on  their  networks,  Liebert  says. 

Chris  Hanson,. IT  project  manager  for  Kern  Schools  Fed¬ 
eral  Credit  Union  in  Bakersfield,  Calif.,  is  one  such  user. 
What  he  likes  best  about  Mirage  NAC  is  that  it’s  agentless. 
“So  many  security  products  want  you  to  have  their  special 
client  to  watch  this,  that  and  the  other]’ he  says.“Pretty  soon 
it  becomes  a  nightmare.” 

Competitors  include  Arbor  Networks,  Cisco,  Lancope  and 
Mazu  Networks.  Mirage’s  biggest  challenge  is  to  improve 
the  NAC’s  reporting  capabilities  and  to  make  it  more  selec¬ 
tive  about  what  alerts  it  reports  on,  Liebert  says. 

Softricity’s  Softricity  Desktop 

Managing  Windows  applications  is  no  picnic, between  the 
servers  that  run  various  components  and  the  potentially 
massive  amount  of  often-flaky  client  code  on  each  desk¬ 
top.  The  idea  behind  Softricity  Desktop  is  to  get  rid  of  most 
of  that  code  by  centralizing  all  applications  and  having 
them  delivered  to  clients  as  services  on  an  as-needed  basis. 
If  that  sounds  like  the  old  thin-client  song  that  Sun  CEO 
Scott  McNealy  has  been  singing  for  years,  it  pretty  much  is. 
The  key  difference  is  that  Softricity  makes  it  work  for  Win¬ 
dows  applications  such  as  Office  and  Exchange  that  most 
companies  rely  on  day  to  day 

“It’s  really  about  managing  the  complexity  of  Windows,” 
says  Interarbor’s  Gardner.  Softricity  Desktop  eases  updates, 
patches  and  deployment  when  managing  dozens  to  hun¬ 
dreds  of  Windows  applications,  he  says. 

That’s  been  the  case  for  Heartland  Financial  USA,  a  bank¬ 
holding  company  in  Dubuque,  Iowa,  that  as  of  late  last  year 
was  supporting  about  700  of  its  1 ,000  users  from  the 
Softricity  platform.  The  help  desk  now  spends  about  80% 
less  time  grappling  with  application  issues,  says  Marti 
Vandemore,  vice  president  of  IS.  “Now,  we  know  the  appli¬ 
cation  works,”  he  says.  Even  better,  he  adds,  “in  just  a  few 
minutes,  we  can  deploy  [an  application]  to  100  users.” 

The  product  also  simplifies  disaster  recovery  planning 
because  server  images  are  independent  of  the  hardware 
on  which  they  run  and  can  be  restored  easily  on  another 
server.  “The  time  and  resources  that  we’re  saving  have  far 
outweighed  the  cost”  of  the  Softricity  software,  he  says. 

Among  the  challenges  Softricity  faces  is  that  it  currently 
works  only  with  Windows  applications,  Gardner  says. 
Another  drawback  is  that  one  virtualized  application  can’t 
currently  call  another,  such  as  when  an  Office  application 
wants  to  invoke  an  Adobe  Acrobat  reader,  says  Shane 
Nicely,  assistant  vice  president  of  IS  at  Heartland  Financial. 
His  overall  impression,  however,  is  that  Softricity  has 
“worked  much  better  than  we  expected.” 

Desmond  is  president  of  PDEdit,  in  Southborough,  Mass.  He 
can  be  reached  at  paul@pdedit.com.  Senior  Editor  Denise 
Dubie  contributed  to  this  story. 
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JPMorgan  Chase  supports  30QD/o  growth 
with  a  capacity-on-demand  platform  for  apps. 


BY  DENISE  DUBIE 

It's  no  surprise  that  financial  services  giant  JPMorgan 
Chase  is  a  pioneer  in  the  quest  for  automated,  virtu¬ 
alized  New  Data  Center  technologies.  With  assets  of 
$1.2  trillion  and  operations  in  50  countries,  the  compa¬ 
ny  is  engaged  in  multiple  initiatives  all  working  toward  the 
common  goals  of  maximizing  IT  resources,  reducing  costs 
and  speeding  performance.  Examples  include  grid  com¬ 
puting,  policy-based  management  of  virtualized 


resources  and  automated  application  mapping  and 
change  control.  As  these  projects  evolve,  they  will  ideally 
converge  and  enable  the  New  York-based  financial  serv¬ 
ices  giant  to  conquer  tomorrow's  IT  challenges. 

Shawn  Findlan,  a  vice  president  responsible  for  the  glob¬ 
al  credit  trading  infrastructure,  in  early  2004  started  to 
explore  how  to  boost  his  department's  infrastructure. 
Pressed  with  performance  demands  and  constricted  by 
costs, Findlan  realized  he  needed  to  revise  his  infrastructure 
rather  than  build  out  new  additions.  At  that  time,  the  IT  de¬ 
partment  had  just  completed  a  consolidation  project  that 
reduced  costs  by  25%  to  30%.That  was  good,  but  not  good 


enough.  JPMorgan  Chase  predicted  the  business  Findlan 
supported  to  grow  by  300%  in  2005  and  needed  its  recent¬ 
ly  consolidated  infrastructure  to  support  that  growth. 

“Our  challenge  was  to  add  300%  capacity  and  optimize 
the  environment  to  enable  less  downtime  and  to  failover 
more  quickly  for  less  mone^’  Findlan  says. 

While  JPMorgan  Chase  had  virtualized  its  compute  re¬ 
sources  via  a  grid  —  dubbed  the  Compute  BackBone 
(CBB)  —  Findlan  was  now  looking  to  virtualize  the  appli¬ 
cation  and  database  layers.  Thus  Fmdlan's  project,  the 
Credit  Derivatives  Infrastructure  Refresh  (CDIR),was  bom. 
Instead  of  running  scheduled  jobs  across  resources  using 
virtualization  tools  fromVMware  or  Sun,  Findlan  wanted  an 
application  to  be  able  to  tap  server,  database  and  other 
components  in  an  entirely  virtualized  environment  that 
could  be  created  on  demand.  When  a  trading  application 
needed  more  server  or  database  resources,  this  flexible  in¬ 
frastructure  would  create  an  end-to-end  application  envi¬ 
ronment  on  the  fly  to  support  the  application's  latest  needs. 

“If  the  application  can  utilize  the  CBB  for  compute  serv¬ 
ices,  it  will  be  sent  to  the  CBB,”  Findlan  says.“If  there  was  a 
failure  in  the  primary  data  center,  we  wanted  to  be  able  to 
migrate  an  application  to  an  [on-demand]  infrastructure 
that  doesn't  exist  on  a  day-to-day  basis.” 

Virtualizing  application  resource  pools 

Findlan  realized  he’d  need  a  tool  that  could  create  virtual 
pools  of  resources  and  then  automatically  distribute  those 
resources  when  business  needs  fluctuated.  His  search  led 
him  to  relative  newcomer  Enigmatec,  which  provides  man¬ 
agement  software  that  can  automatically  distribute  re¬ 
sources  based  on  preset  policies. 

Dubbed  Execution  Management  System  (EMS),  the  soft¬ 
ware  detects  system  failures  and  load  changes  on  servers, 
and  can  fix  problems  using  preset  policies,  Enigmatec  says. 
The  software  also  can  separate  an  application  from  dedi¬ 
cated  server  resources  and  apply  other  available  resources 
to  the  application. 

EMS  uses  distributed  agents  to  monitor  system  perform¬ 
ance,  measure  actual  performance  against  preset  thresh¬ 
olds  and  take  action  when  performance  degrades.  When 
action  is  required,  Enigmatec  will  automatically,  say,  move 
CPU  resources  into  an  application  environment  to  meaU* 
the  demand  for  more  capacity 

Enigmatec  software  doesn’t  rely  on  a  centralized  man¬ 
agement  console  to  configure  agents,  take  corrective 
action  or  store  data.  IT  installs  the  agents  on  managed  sys- 

See  JPMorgan,  page  48 
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InfraStruXure™  Express 
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Examining  everything  from  hot 
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events!  Pre-empt  trouble  and  prevent 
downtime.. .take  a  demo  today  at 
http://promo.apc.com  and  enter 
the  keycode  highlighted  in  the  box 
below. 
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restrictions?  Check  out  our  new.  Fuel 
Cell  based  extended  runtime  option, 
fully  integrated  into  the  InfraStruXu¬ 
re™  architecture,  and  featuring  the 
additional  runtime  you  need  for 
peace  of  mind!  See  it  at  http://pro- 
mo.apc.com  and  enter  the  keycode 
highlighted  in  the  box  below. 


NCPI  Science  Center 

With  more  than  80  "must-read" 
white  papers  published  on  data 
center  issues  and  technologies, 
our  NCPI  Science  Center  is  actively 
investigating  the  problems  of  today 
and  tomorrow.  With  lab-testing 
and  field  research  to  back  up  over 
200  years  of  combined  experi¬ 
ence,  there's  no  data  center  issue 
this  tenacious  team  can't  handle. 
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work  at  http://promo.apc.com  and 
enter  the  keycode  highlighted  in 
the  box  below. 
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a  fanatical  focus  on  eliminating  downtime 
wherever,  whenever,  and  however  it  occurs. 
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disposal,  with  the  sole  mission  of  helping 
to  increase  profits  and  peace  of  mind  wherever 
your  data  is  created,  transmitted,  or  stored. 
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in  R&D  in  the  next  12  months,  providing 
solutions  for  the  problems  of  today  and 
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terns  and  use  a  Web  interface  to  create  policies,  configure 
agents  and  monitor  performance. The  agents  can  interact 
via  peer-to-peer  networking.  For  example,  a  new  agent  in¬ 
stalled  on  a  server  would  instantly  register  itself  with  the 
closest  neighbor  agent  and  get  updated  with  the  policies 
configured  in  the  neighboring  agent. 

When  using  Enigmatec,  Findlan  says  he  can  disassociate 
the  IT  service,  or  the  multiple  services  that  make  up  an 
application,  from  dedicated  hardware.  This  virtualization 
allows  an  application  component  to  tap  resources  from 
various  components  in  the  infrastructure, he  explains.  Enig¬ 
matec  allows  the  application  to  request  services  from  any 
available  hardware  or  software  resources,  the  vendor  says. 

“Enigmatec  brings  a  bit  more  intelligence  to  its  automa¬ 
tion  and  virtualization  than  some  competitors,” says  George 
Hamilton,  director  of  enterprise  computing  and  network¬ 
ing  at  The  Yankee  Group.  “Fblicy-based  management  and 
virtualization  are  part  of  the  bigger  goal  for  overall  data 
center  automation,  and  Enigmatec  addresses  the  problem 
with  a  disaster  recovery/failure  approach.” 

Provisioning  infrastructure  components 

In  Findlan’s  case,  after  working  with  application  develop- 


www.nww.com/NDC5QQ6/BP 


ment  and  operations  teams,  he  input  multiple  “what-if” sce¬ 
narios  into  the  Enigmatec  software  that  will  prompt  it  to 
take  action  when  alerted  by  a  monitoring  system. 
Enigmatec,  as  well  as  a  provisioning  tool  Findlan  declined 
to  name,  is  integrated  with  this  monitoring  system.The  data 
collected  from  multiple  third-party  monitoring  tools  is 
aggregated  into  the  centralized  system. 

Findlan  clarifies  that  this  effort  was  a  collaboration  of  var¬ 
ious  tools.  He  says  he  needed  to  first  break  down  applica¬ 
tions  to  understand  how  they  used  the  infrastructure. Then 
he  needed  to  examine  the  processes  involved  to  enable 
software  to  manage  application  performance  automatically 
For  example,  if  the  trading  application  required  more  server 
capacity,  Findlan  wanted  to  create  a  virtualized  infrastruc¬ 
ture  that  would  provision  a  server  to  support  the  applica¬ 
tion  load  immediately. 

After  breaking  down  and  understanding  applications,  he 
implemented  a  provisioning  tool  that  would  automatically 
build  infrastructure  components  when  prompted  to  by 
Enigmatec,  which  responds  to  actions  kicked  off  by  preset 
“if,  then”  scenarios  Findlan  defined  in  the  software.  Using  a 
central  management  console,  he  can  watch  the  process  as 
it  runs  across  application  and  infrastructure  components. 

“The  monitoring  system  allows  data  to  be  collected  and 
visualized  in  one  place,  and  it  allows  us  to  act  upon  events 
happening  across  the  environment  from  one  area,”  he  says. 


Findlan  worked  on  this  project  throughout  2004  and  it 
went  live  for  the  credit  derivative  application  in  2005.  He 
continues  to  work  to  expand  the  system  to  include  more 
business  units  and  their  applications.The  biggest  challenge 
Findlan  encountered  was  also  the  most  critical  — integra¬ 
tion  of  the  virtualized  components. 

“The  biggest  piece  of  this  is  getting  all  the  parts  working 
together  in  one  deployment,”  he  says.  “We  needed  to  tie 
together  the  underlying  interfaces  so  the  Enigmatec  soft¬ 
ware  could,  for  example,  tell  the  provisioning  tool  to  build 
something  out  without  manual  intervention." 

Findlan  would  not  share  specifics  about  performance 
improvements,  but  says  the  company  “experienced  signifi¬ 
cant  improvements  in  uptime”  across  several  hundred 
nodes  being  managed  through  the  CDIR  initiative.  While 
Findlan  says  the  project  is  operational  for  the  credit  deriva¬ 
tive  business  unit,  and  that  he  is  implementing  the  CDIR 
solution  at  various  stages  in  other  lines  of  business,  he  also 
admits  he  has  only  partially  achieved  his  goals  with  this 
project.  The  system  using  Enigmatec  can  automatically 
allocate  resources,  but  he  has  yet  to  enable  it  to  automati¬ 
cally  reclaim  resources,  which  would  ease  follow-up  man¬ 
ual  processes.This  is  part  of  the  next  phase,  he  says. 

“We  have  achieved  the  capacity  on  demand,”  Findlan 
says, “and  now  we  are  working  to  get  it  automated  in  real 
time  in  both  directions.”  ■ 
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maybe  it’s  time 
you  look  at 

AdaptiveKVM” 

When  servers  are  down  or  inaccessible,  you  need 
fast  and  reliable  out-of-band  access  and  control. 


Cyclades  AdaptiveKVM™  (patent  pending)  is  the  industry's  first 
integrated  solution  that  combines  KVM  over  IP  and  Microsoft® 
Remote  Desktop  Protocol  (RDP)  technology  in  a  single 
appliance.  By  using  KVM  over  IP  combined  with  RDP, 
AdaptiveKVM  provides  continuous  access  for  remote  server 
management. 
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All  the  power  of  our  Dominion®  KX  packed  into  a  smaller,  incredibly  versatile  form  factor. 


•  Deploy  them  by  the  hundreds,  even  in  dispersed  locations. 

•  Manage  them  all  centrally  through  a  single  IP  address. 

•  Get  to  them  all  without  the  access  limitations  of  a  KVM  switch. 

Visit  us  online  to  learn  more  about  switchless  KVM  and  the  future  of  infrastructure  management. 


www.KXbutt.com 


When  you're  ready  to  take  control. 
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Users  love  to  customize  their  desktops.  Your 
challenge  is  to  work  with,  not  against,  them. 


i 


BY  BETH  SCHULTZ 


Have  you  given  much  thought  to  what  today’s 
increasingly  sophisticated  users  will  be  like 
in  a  decade?  Because  you  are  currently 
building  the  infrastructure  that  will  support  these  future 
workers,  don’t  wait  too  long  before  you  do. 

One  of  the  main  differences  that  will  define  the  next- 
generation  workforce  from  today’s  is  the  level  of  individ¬ 
ualization  people  will  bring  to  their  work.  Pundits  pre¬ 
dict  that  in  10  years  every  employee  will  completely  per¬ 
sonalize  and  customize  the  IT  environment  for  the  task 


at  hand.  Likewise,  the  workplace  will  respond  by  com¬ 
pletely  customizing  the  workers  and  teams  it  hires  for  the 
project  at  hand. 

Evidence  of  such  individualization  is  already  visible. Try 
as  you  might  to  provide  a  full  range  of  technology  choic¬ 
es,  many  of  today’s  workers  always  want  more  — the  abil¬ 
ity  to  customize  the  desktop  has  become  part  of  their 
social  DNA.  An  employee  in  accounting  downloads  a 
media  player  because  back¬ 
ground  music  helps  him  better 
concentrate  on  his  number 
crunching.  A  project  manager  asks 
team  members  to  use  an  open 
source  groupware  tool  he  favors 
for  collaboration  and  calendaring 
purposes.  A  workgroup  begins 
using  a  free  instant  messaging 
client,  regardless  of  any  policy  IT 
may  have  set  on  its  use. 

In  a  recent  poll,  Gartner  asked 


Ultimately,  far-flung, 
virtual  work  teams 
will  be  the  norm.  By 
starting  today  to 
support  intensely 
collaborative  work 
situations,  you’ll  grow 
your  IT  expertise  as 
virtual  teams  grow  in 
dominance. 


170  people  the  extent  to  which  they  customize  their  per¬ 
sonal  workspaces  by  adding  their  own  tools,  devices,  soft¬ 
ware,  music,  information  resources  and  the  like.  Nearly 
one-half  (48%)  of  respondents  reported  customizing  their 
work  environments  aggressively  or  moderately.  Only  10% 
said  they  did  not  customize  at  all. 

Considering  consumer  behavior,  social  connectivity 
and  the  plethora  of  personal  devices  workers  have  at  their 
disposal,  each  year  such  personalization  of  the  desktop 
will  increase  and,  by  2015, you  can  safely  assume  that  the 
average  worker  will  customize  90%  of  his  tools  and  infor¬ 
mation  resources,  says  Diane  Morello,  a  research  vice 
president  at  Gartner.  This  personalization  will  go  hand  in 
hand  with  the  customization  of  an  individual’s  work  cul¬ 


ture  —  a  worker  will  have  choices  galore  for  job  mobility 


the  ability  to  affiliate  with  global  communities,  the 
chance  to  become  a  “free  agent”  or  to  participate  in  glob¬ 
ally  distributed  work  teams,  Gartner  reports. 

From  mass  customization,  we’ll  see  extreme  individual¬ 
ization,  Morello  predicts.  A  Gartner  report,  co-authored  by 
Morello,  explains:“Future  workers  will  be  more  independ¬ 
ent,  take  a  high  degree  of  control  over  defining  and  creat¬ 
ing  their  workplace  and  work  model,  operate  more  glob¬ 
ally,  become  highly  active  in  creating  and  programming 
media,  take  on  more  responsibility  for  defining  business 
models,  and  drive  and  create  change.” 

The  stark  reality,  she  adds,  is  that  90%  of  companies 
today  are  lagging  behind  in  the  thinking  and  the  skills 
necessary  to  support  this  future  worker.  If  you’re  among 
that  vast  majority  and  remain  so  in  coming  years,  you’ll 
forever  be  climbing  uphill, she  says. Workers  will  regularly 
force  IT  decisions,  not  just  occasionally  as  they  have  in 
the  past.  Smart,  forward-thinking  IT  executives  (and  other 
business  leaders)  will  take  the  time  today  to  understand 
the  customization  trend  and  consider  the  implications  for 
tomorrow’s  enterprise,  Morello  adds. 

The  good  news  is  that  if  you’ve  begun  to  build  a  Web¬ 
centric,  virtualized,  open  New  Data  Center  architecture 
capable  of  providing  a  variety  of  on-demand  resources 
and  supporting  a  vastly  extended  enterprise,  then  you’re 
on  the  right  track.  And  if  you’re  trying  to  figure  out  how 
best  to  support  collaboration,  then  all  the  better.  Ulti¬ 
mately  far-flung,  virtual  work  teams  will  be  the  norm,  and 
by  starting  today  to  support  intensely  collaborative  work 
situations  you’ll  grow  your  IT  expertise  as  virtual  work 
teams  grow  in  dominance. 

Also  important  is  to  experiment  with  how  to  increase 
IT’s  flexibility  while  still  keeping  wraps  on  management. 
Rather  than  standardizing  on  one  set  of  desktop  tools  for 
all  employees,  for  example,  offer  users  the  ability  to  pick 
and  chose  from  an  array  of  tool  options  —  and  make 
those  tools  easily  downloadable  no  matter  what  type  of 
device  users  have  or  where  they're  located.  In  other 
words,  make  yourself  the  go-to  guy  (or  gal)  for  users  even 
as  they  assert  their  independence  and  customize  their 
workspaces. 

Your  long-term  goal,  Gartner  suggests,  is  to  transform 
yourself  from  technology  provider  to  trusted  advisor.  No 
matter  when  today’s  customization  results  in  extreme  in¬ 
dividualization,  that’s  not  a  bad  idea  at  all  K 


Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 

The  Sentry  CDU  distributes  power  for  Blade 
servers  or  up  to  42  dual-power  1U  servers 
in  one  enclosure.  Single  or  3-phase  input 
with  110VAC,  208VAC  or  mixed  110/208VAC 
single-phase  outlet  receptacles. 

Metered  CDU 

>  Local  input  Current  Monitoring 

Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 

Switched  CDU 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
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To  make  SMARTstart 
headache  remedy,  visit 

mvspeqxnver.com/smart 
or  call 814-474-2207 


Nothing  gives  you  a  bigger  headache  than  infrastructure 
hardware  and  software  problems  at  the  wrong  time. 
Often  these  issues  cost  you  valuable  system  downtime 
and  require  a  site  visit  to  reboot  hardware.  Let 
SMARTstart  remote  power  distribution  systems  show 
you  the  effkient  way  to  manage  your  systsin's  power. 

•  Trusted  by  major  OEM's 

•  Reboot  from  anywhere,  anytime  via  web  or 
TCP/IP 

•  Remote  power  distribution  and  drcuit  protection 
for  AC  or -48  VDC  or +24  VDC  systems 

■  Auto  reset  drcuit  beaker  feature  addresses  no 
fault  breaker  trips  for  DC  systems 

AC  PDU  features  auto  power  on  sequence  in  the 
event  of  power  outages.  This  prevents  potential 
damage  as  a  result  of  inrush  currents  when  power 
is  suddenly  restored. 
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Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  £  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and 
display  sizes  available 
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Call  1-800-255-3739  or  visit  www.computerwise.com 
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FEATURE 

telemedicine 

Partners  Healthcare  extends  treatment  to  homebound  patients,  remote  stroke  victims. 


BY  JOEL  SHORE 

Following  her  diagnosis  of  congestive  heart  failure  in  2004, 68-year-old  Carolyn  Thornton  was  given  a  choice: 

She  could  wait  at  her  suburban  Boston  home  for  twice-weekly  medical  readings  taken  by  a  visiting  nurse 
and  recorded  in  a  notebook,  or  do  it  herself.  Her  decision  to  take  her  own  daily  readings  and  transmit  them  to 
cardiac  nurses  in  Boston  may  have  saved  her  life. When  a  nurse  noticed  a  precipitous  drop  in  Thorntons  blood 
pressure  reading,  she  called  the  patient  and  urged  her  to  seek  medical  attention. 


54  *  www.networkwarld.com  •  2.20.06 


Home-based  vital-sign  monitoring  is 
just  one  way  the  technology  known  as 
telemedicine  can  save  lives  and  im¬ 
prove  medical  care.  Led  by  Mass¬ 
achusetts  General  Hospital  (MGH), 
the  hospitals  of  Partners  Healthcare 
are  forging  ahead  with  several 
telemedicine  initiatives  that  bring 
healthcare  closer  to  patients. 

Hundreds  of  patients  are  enrolled  at 
home  in  vital-sign  monitoring  programs, 
and  a  project  that  monitors  patients 
with  hypertension  in  their  homes  is  due 
to  get  under  way  shortly.  Another  pro¬ 
ject  that  allows  homebound  patients  to 
have  virtual  visits  to  doctors’  offices 
with  specialists  or  consultations  for  sec¬ 
ond  opinions  serves  nearly  2,000 
patients  per  year.  And  a  fourth  project 
allows  acute  stroke  patients  brought  by 
ambulance  to  outlying  community  hos¬ 
pitals  to  be  quickly  diagnosed  by  MGH’s 
stroke  specialists. 

What  is  startling  about  these  telemed¬ 
icine  initiatives  is  their  use  of  modest 
network  technology  and  rock-bottom 
cost  —  just  $100  per  month,  per  patient 
for  the  heart-monitoring  project,  in¬ 
cluding  all  home  and  data-center  hard¬ 
ware,  communications,  application 
development  and  ongoing  operations 
for  hundreds  of  patients. 

“Simple  solutions  too  often  are  over¬ 
looked,”  says  Doug  McClure,  corporate 
manager  for  technology  services  at 
Partners’  telemedicine  group  in  Bos¬ 
ton.  “There  is  no  breakthrough  of  new 
technology  here,  but  a  leveraging  of 
inexpensive,  reliable  technology  that 
was  proven  long  ago.” 

Telemedicine  technology 

Home-based  monitoring  begins  with 
a  small  tabletop  console.  Plugged  into 
it  are  various  sensors,  which  may 
include  a  blood-pressure  cuff,  a  pulse 
oximeter  for  measuring  pulse  and 
blood-oxygen  saturation  levels,  and  a 
scale  for  recording  weight.  The  con¬ 
sole’s  liquid  crystal  display  prompts 
patients  through  data  gathering,  then 
the  patient  presses  a  button  that  ini¬ 
tiates  a  dial-up  session  to  upload  the 
data  through  the  patient’s  home  tele¬ 
phone  line. 

“We’re  talking  about  patients  who 
often  are  not  PC-sawy  and  who  rarely 
have  a  broadband  connection  in  their 
home,”  says  Dr.  Joseph  Kvedar,  direc¬ 
tor  of  telemedicine  at  Partners  Medical 
Group.  “These  devices  must  be  user- 
friendly  and  not  intimidate.”  Major  sup¬ 
pliers  in  the  market  include  the 
TeleStation  from  Philips  and  HomMed 
from  Honeywell. 

Although  the  cuff,  pulse  oximeter  and 
i!e  are  connected  to  the  console  via 
i  cs,  that’s  changing,  McClure  says. 
“The  technology  is  rapidly  moving  to 
wireless  measurement  devices  that 


communicate  with  the  console  via 
either  [radio  frequency]  or  Bluetooth,” 
he  says.  Similar  in  concept  to  a  wireless 
mouse,  it’s  safer  for  patients,  especially 
those  with  limited  mobility. 

Data  handling  and  analysis  is  straight¬ 
forward,  McClure  says.  The  patient’s 
home  device  dials  an  ISP  and  uses 
secure  HTTP  to  upload  the  data  to  a 
server  inside  the  Partners  firewall.  The 
amount  of  data  transmitted  each  day  is 
minimal,  resulting  in  a  communications 
session  that  typically  lasts  less  than  30 


Connected  care 

Partners  Healthcare  uses 
simple,  inexpensive  technology 
to  remotely  monitor  patients' 
vital  signs.  A  typical  patient 
station  uses  a  regular  phone 
line,  a  cell  phone  or  broadband 
to  link  to  the  medical  organization. 
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seconds.  Although  dedicated  servers 
are  used,  this  was  mostly  a  matter  of 
convenience.  “These  are  not  high- 
volume  transaction-processing  appli¬ 
cations,”  McClure  says.  “The  invest¬ 
ment  in  hardware  was  tiny.” 

Session  data  is  recorded  to  an  Oracle 
or  Microsoft  SQL  Server  database  con¬ 
taining  the  patient’s  previous  readings. 
McClure  has  members  of  his  team 
working  with  a  MySQL  database,  inves¬ 


tigating  the  viability  of  eventually  mov¬ 
ing  to  another  open  source  solution. 

Server-side  clinical  algorithms 
developed  by  McClure’s  staff  analyze 
the  new  information  in  the  context  of 
each  patient’s  continually  growing 
history  of  daily  readings.  Grouped 
into  three  severity  levels,  any  condi¬ 
tion  outside  the  acceptable  “green” 
boundaries  set  by  the  patient’s  physi¬ 
cian  immediately  are  conveyed  to 
nurses  via  a  secure  HTTP  session  and 
displayed  on  their  workstations  in  yel¬ 
low  or  red.  With  only  exceptions 
reported,  they  are  quickly  noticed 
and  can  be  addressed  immediately. 

Daily  monitoring  identifies  sudden 
changes  that  would  likely  be  missed 
during  a  monthly  visit  to  the  doctor  or 
twice-weekly  readings  taken  by  a  visit¬ 
ing  nurse.  Thornton  discovered  this 
firsthand  when  she  received  a  call 
from  a  nurse  concerned  that  her 
blood  pressure  had  taken  a  precipi¬ 
tous  drop.  “I  was  advised  to  contact 
the  doctor  right  away,”  Thornton 
says.  She  did,  and  appropriate  med¬ 
ical  steps  were  taken.  Nurses  still 
visit,  but  now  on  an  as-needed  basis 
rather  than  a  rigid  preset  schedule. 

The  simple  operation  is  a  result  of  a 
design  philosophy  that  placed  heavy 
demands  on  IT  early,  while  minimizing 
that  department’s  involvement  once 
the  systems  were  implemented. 

“We  have  tried  to  build  systems  that 
are  IT  labor-intensive  to  set  up  but 
low-maintenance  in  terms  of  opera¬ 
tion,”  says  Dr.  Lee  Schwamm,  designer 
and  director  of  the  TeleStroke  Center 
at  MGH.  “Our  standard  is  that  these 
solutions  must  be  easier  than  a  VCR 
for  [the]  patient  and  the  nurses  to 
use;  the  last  thing  we  want  is  to  haul 
an  IT  person  out  of  bed  at  2  a.m.  to 
troubleshoot  a  connection.” 

Unlike  the  home-monitoring  pro¬ 
gram,  which  ultimately  will  have  thou¬ 
sands  of  units  deployed,  the  Tele- 
Stroke  program  links  subscribing  com¬ 
munity  hospitals  to  MGH,  allowing  a 
stroke  patient  to  receive  immediate 
attention  by  MGH’s  stroke  specialists. 
The  system  operates  as  a  hub-and- 
spoke  with  MGH  at  the  center  sur¬ 
rounded  by  13  smaller  Massachusetts 
community  hospitals  as  far  away  as 
Martha’s  Vineyard  and  Nantucket. 

By  using  videoconferencing  technol¬ 
ogy,  stroke  specialists  at  MGH  can 
examine  patients  at  the  remote  hospi¬ 
tals  to  help  diagnose  ailments  and  rec¬ 
ommend  a  plan  of  care.  “I  can  examine 
someone  interactively  with  the  help  of 
a  physician  or  a  nurse  on  the  other  end, 
and  1  can  make  a  determination  of  the 
stroke  severity  and  the  type  of  stroke 
by  looking  at  the  patient  and  at  the 
brain  image,”  Schwamm  says.  “It’s 
almost  like  being  in  the  room.” 


Again,  the  key  is  simple  and  reliable, 
Schwamm  says.  “We  use  the  off-the- 
shelf  videoconferencing  hardware  and 
run  the  sessions  over  an  ISDN  line.  It 
provides  the  bandwidth  we  need.”  As 
McClure  puts  it,  “We  are  much  more 
about  process  innovation  than  technol¬ 
ogy  innovation.” 

When  it  comes  to  treating  a  stroke, 
every  minute  counts,  and  the  lack  of 
stroke  specialists  at  these  small  hospi¬ 
tals  was  the  impetus  for  creating  the 
TeleStroke  program.  One  form  of  stroke 
treatment  is  to  administer  Tissue 
Plasminogen  Activator  (tPA),  a  clot- 
busting  drug  that  can  greatly  reduce 
the  disability  resulting  from  a  stroke. 
But  tPA  must  be  administered  within 
three  hours  of  symptom  onset. 

Conquering  challenges 

The  overall  Partners  network  is  very 
large,  with  more  than  40,000  users  dis¬ 
persed  across  six  major  Boston-area 
hospitals,  clinics,  joint  ventures  and 
research  labs,  and  an  affiliation  with 
Harvard  Medical  School.  Even  though 
each  telemedicine  system  is  imple¬ 
mented  as  a  silo,  isolated  from  the 
overall  network,  the  overall  Partners 
infrastructure  presented  several  tech¬ 
nical  challenges. 

McClure’s  development  team  divided 
these  challenges  into  three  categories 
—  patient,  communications  and  data. 
None  proved  difficult  to  solve. 

Education  calmed  patients’  fears  and 
eased  apprehension  among  nurses.  “If 
a  patient  puts  on  the  blood-pressure 
cuff  incorrectly  or  stands  on  a  scale 
while  holding  her  dog,  we  get  bad  read¬ 
ings,”  McClure  says.  These  two  read¬ 
ings  are  used  to  calculate  fluid-reten¬ 
tion  levels,  the  critical  factor  for 
patients  with  congestive  heart  failure 
such  as  Thornton.  The  goal  is  so-called 
“wear  and  forget”  wirfeless  sensors,  but 
the  technology  isn’t  quite  there. 

“Both  nurses  and  patients  were 
reluctant  at  first,”  says  Kathy  Duckett, 
a  registered  nurse  and  director  of  clin¬ 
ical  programs  at  affiliate  Partners 
Home  Care,  whose  clinicians  adminis¬ 
ter  the  program.  “Instead  of  a  visiting 
nurse  taking  a  reading  just  twice  a 
week,  the  patient  now  does  it  every 
day.  They  become  more  involved  in 
the  process  and  know  they  are  being 
monitored  more  closely.” 

Kvedar  agrees  that  acceptance  often 
requires  a  nudge,  more  so  within  the 
medical  community  than  among 
patients.  Telemedicine  is  viewed  by 
many  in  healthcare  as  “counterintu¬ 
itive,”  turning  the  long-accepted  model 
of  the  “patient  going  to  where  the 
healthcare  is”  upside  down.  Nurses 
who  believed  that  distance  medicine 
would  drive  a  wedge  between  patient 
and  care  giver  now  acknowledge  that 
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patients  in  fact  feel  more  connected. 
“Patients  know  their  data  is  being 
looked  at  every  day.” 

Communications  —  simply  getting 
the  data  out  of  patients’  homes  — 
was  the  next  hurdle.  Because  most 
older  patients  do  not  have  a  broad¬ 
band  Internet  connection,  solutions 
were  designed  for  the  lowest  com¬ 
mon  denominator,  a  dial-up  line  in 
every  home. 

But  as  today’s  Internet-sawy  popu¬ 
lation  becomes  tomorrow’s  tele¬ 
medicine  patients,  the  widespread 
presence  of  broadband  in  homes  will 
allow  downloading  of  interactive,  rich 
educational  content. 

Perhaps  the  biggest  challenge  was 
the  development  of  algorithms  to  ana¬ 
lyze  incoming  patient  data  and  under¬ 
stand  its  meaning  in  the  context  of 
the  patient’s  history  of  previous  read¬ 
ings.  Many  months  were  spent  devel¬ 
oping  and  testing  these  algorithms. 

In  deploying  the  TeleStroke  video- 
conferencing  solution  at  other  hospi¬ 
tals,  Schwamm  found  that  hospitals 
with  larger  IT  infrastructures  that 
have  not  implemented  videoconfer¬ 
encing  must  spend  more  time  and 
manpower  to  configure  firewalls  and 
allay  security  concerns. 

“Larger  institutions  are  the  hub  in 
this  model,  not  the  outlying  spoke,  so 
issues  of  scalability  compound  for 
the  hub  hospital  as  more  smaller  hos¬ 
pitals  sign  up  and  become  additional 
spokes  in  the  wheel.” 


Conversely,  hospitals  with  a  modest  IT 
infrastructure  will  find  implementation 
straightforward.  “All  it  takes  is  a  small 
server,  an  ISDN  line  and  a  videoconfer¬ 
encing  unit.” 

The  beauty  of  home-based  telemoni¬ 
toring  and  the  associated  server-side 
applications  is  its  low  cost.  A  yearlong 
project  following  500  patients  costs 
$600,000,  pocket  change  by  medical- 
industry  standards. 

Calculating  a  return  is  not  what 
these  projects  are  about.  The  rate  of 
hospitalizations  for  patients  65  and 
older  with  congestive  heart  failure 
skyrocketed  from  about  60  per  10,000 
in  1970  to  nearly  230  per  10,000  in 
2000,  according  to  the  National  Heart, 
Lung  and  Blood  Institute. 

“Successful  implementation  of  tele¬ 
medicine  translates  to  fewer  hospital¬ 
izations,  less  stress  on  the  healthcare- 
delivery  system,  better  utilization  of 
healthcare  professionals  and  im¬ 
proved  quality  of  life  for  patients,” 
Duckett  says. 

Currently,  half  of  e'l  patients  with  con¬ 
gestive  heart  failure  die  within  five 
years  of  being  diagnosed,  Duckett  says. 
Telemedicine  is  changing  that.  “Daily 
monitoring  allows  us  to  react  quickly, 
administer  treatment  or  adjust  medica¬ 
tion,  and  cut  down  on  hospitalizations 
and  doctor  visits.  We  are  saving  lives 
and  reducing  healthcare  costs  at  the 
same  time.” 

Now  stabilized  and  sensitized  to  the 
diet  and  environmental  factors  that 


Dr.  Lee  Schwamm  evaluates  a  patient  at  a  remote  hospital  who  is  having  a  stroke  to  decide 
whether  or  not  a  clot-busting  medication  called  tPA  should  be  administered. 


affect  her  health,  Thornton  no  longer 
needs  her  telemonitoring  console  and  is 
free  to  travel.  “Telemonitoring  made  me 
feel  like  a  trailblazer,”  she  says.  “I  was 
lucky  to  be  invited  into  this  program; 
today  I  feel  much  stronger.” 

Upcoming  initiatives 

With  development  on  the  home 
health  monitoring  and  TeleStroke  pro¬ 
jects  largely  complete,  Partners  is  tack¬ 
ling  new  initiatives. 

Nearing  its  launch  is  the  Partners 
Healthcare  hypertension-monitoring 
project,  an  outgrowth  of  its  heart¬ 
monitoring  effort.  In  its  initial  phase, 
it  will  keep  track  of  several  hundred 
patients  with  chronic  high  blood  pres¬ 
sure.  Because  they  are  not  home- 
bound,  and  the  only  sensor  required 
is  one  to  measure  blood  pressure, 
mobility  is  a  bigger  factor. 

“These  patients  are  not  homebound, 
so  use  of  their  cell  phones  as  a  data 
aggregation  and  transmission  device  is 
an  obvious  use  factor,”  McClure  says. 

The  metric  for  success  will  be  the 
degree  to  which  Partners  can  help 
people  manage  their  blood  pressure 
more  effectively,  with  an  ultimate  goal 
of  avoiding  downstream  effects,  such 
as  stroke,  heart  attack  and  congestive 
heart  failure.  Hypertension  is  not  an 
acute  condition,  but  it  is  one  that  is 
significantly  more  pervasive  through¬ 
out  the  general  population. 

Also  on  the  docket  are  a  patient-man¬ 
agement  system  and  a  fully  electronic 
patient  medical  record.  These  are 
under  development  as  Web  services 
based  on  protocols  promulgated  by 
Health  Level  Seven  (HL7),  an  ANSI- 
accredited  Standards  Developing 
Organization  (SDO)  that  operates  in  the 
healthcare  arena  —  much  as  the  IEEE 
sets  network  standards.  While  other 
SDOs  define  protocols  for  such  health¬ 
care  domains  as  pharmacy,  medical 
devices,  imaging  or  insurance-claims 
processing,  HL7’s  domain  is  clinical 
and  administrative  data. 

The  Partners  road  map  calls  for  a 
fully  electronic  patient  record  that 
will  incorporate  hospital  test  results, 
radiological  images  and  telemonitor¬ 
ing  data.  Once  implemented,  Web- 
based  visits  to  doctors’  offices, 
whether  in  Boston  or  elsewhere,  can 
become  more  efficient,  eliminating  the 
administrative  expense  and  delay 
associated  with  retrieving  a  paper- 
based  patient  medical  history. 

“The  electronic  medical  record  is  our 
Holy  Grail,”  McClure  says. 

Shore  is  a  technology  journalist  in 
Southborough,  Mass.,  who  provides  prod¬ 
uct-strategy  consultation  and  editorial- 
development  services  to  technology  com¬ 
panies.  He  can  be  reached  at  www. 
joelshore.com. 


Intel  explores 
telemedicine 

Intel  is  on  the  telemedicine 
bandwagon  and  is  using  its 
considerable  clout  to  urge 
government  leaders  to  tap  the 
burgeoning  technology  to  help 
solve  the  economic  and  social 
challenges  brought  on  by  sky¬ 
rocketing  healthcare  costs 
and  a  rapidly  growing  popula¬ 
tion  of  aging  citizens. 

Speaking  in  December  at  the 
White  House  Conference  on 
Aging,  held  once  a  decade, 
Intel  Chairman  Craig  Barrett 
said,  “We  can  make  the 
healthcare  system  more  cost- 
efficient  while  simultaneously 
improving  the  quality  of  care 
and  life  for  our  nation’s  aging 
population.” 

He’s  got  that  right.  But  it’s  a 
race  against  time. 

With  nearly  35  million  senior 
citizens  today,  the  United 
States  spends  16%  of  its 
Gross  Domestic  Product  on 
healthcare,  a  figure  likely  to 
hit  25%  as  the  number  of 
senior  citizens  doubles  during 
the  next  20  to  30  years. 

Put  more  narrowly,  the  U.S. 
population  of  those  aged  85 
and  older  is  exploding  from  3 
million  in  1990  to  a  projected 
5.7  million  in  2010  and  17.7  mil¬ 
lion  in  2050,  according  to  U.S. 
Census  Bureau.  There  simply 
aren’t  enough  physicians  and 
nurses  to  go  around 

In  a  direct  boost  to  telemedi¬ 
cine  technology,  Barrett  says  a 
broad  range  of  personal 
health  technologies  designed 
to  go  into  the  home  will  help 
an  aging  population  maintain 
its  independence  while  defer¬ 
ring  costly  institutional  care. 

Intel  is  researching  innova¬ 
tions  in  sensors,  software  and 
wireless  technologies  that 
allow  vital  information  about 
heart  rate,  respiratory  rate, 
blood  pressure  and  sleep  pat¬ 
terns  to  be  tracked  remoteiy. 

The  company  is  leveraging  its 
expertise  in  broadband  Internet 
connectivity  to  allow  data  to  be 
shared  in  real  time  between 
seniors  and  healthcare  profes¬ 
sionals,  as  well  as  among  family 
members  who  deliver  the 
majority  of  care  to  seniors. 


Test  shows  VoIP  call  quality  can  improve 
with  SSL  VPN  links 


BY  JOEL  SNYDER,  NETWORK  WORLD  LAB  ALLIANCE 

VoIP  is  often  written  off  as  an 
application  that  will  not  work 
well  over  an  SSL  VPN  link.To  test 
that  argument,  we  examined  10 
SSL  VPN  products 
in  four  network 


Our  unimpaired  and  good  networks 
tested  out  at  4.2  and  3.3  respectively, 
very  acceptable  levels  of  quality.  The 
bad  and  bad/slow  networks  had  MOS 
scores  of  2.41  and  2.26,  which  would 
be  considered  unacceptable  in  a 
business  environment. 


Pushing  VoIP  over  your  SSL  VPN  will  help 
serve  up  call  quality  to  remote  sites 

While  our  results  show  some  differences  between  the  10  products 
tested,  that  was  not  the  point  of  this  test.  Small  variations  in  the 
MOS  score  registered  by  each  product  are  not  significant.  What  is 
important  to  recognize  in  this  test  is  that  the  results  show  that  SSL 
VPN  and  VoIP  work  together  very  well  over  broadband  networks, 
even  in  the  face  of  some  network  loss  and  congestion.  In  this  graph, 
the  solid  vertical  lines  represent  the  reference  performance  results 
for  each  network  type  without  any  SSL  VPN  product  in  place  while 
data  points  show  how  each  vendor’s  SSL  VPN  performed 
on  the  four  networks.  Data  points  to  the  right  of  the  reference 
lines  represent  an  improvement;  to  the  left,  a  degradation. 


With  an  unusable  network,  nothing 
can  be  done  to  make  a  bad  situation 
better.  F5's,  Nortel's,  SonicWALL's  and 
Juniper's  ESP-based  transport  held 
the  line,  but  everyone  else  gave  very 
poor  call  quality  in  this  scenario, 


scenarios  to  see 
how  well  VoIP 
calls  were 
handled  by 
the  prod¬ 
ucts’  net¬ 
work  exten¬ 
sion  clients. 


The  news  is  generally  good.  In  high-bandwidth, 
low-latency  environments,  there  is  virtually  no 
difference  in  quality  between  an  unencrypted 
VoIP  call  and  the  same  call  made  over 
an  SSL  VPN  (see  chart).  Even  better 
news  is  our  discovery  that  a  VoIP  call 
made  over  SSL  VPN  on  a  typical  broad¬ 
band  Internet  connection  is  of  higher 
quality  than  an  unencrypted  call.  The 
only  bad  news  comes  with  truly  awful 
network  connections:  ones  with  high 
loss  and  limited  bandwidth.  In  this 


When  a  poor-quality  broadband  network  was  used,  Aventail 
and  Nokia  failed  to  improve  the  quality  of  the  call  when 
compared  with  our  unprotected  reference.  F5's  and 
Juniper's  ESP-based  transport  improved  the  call,  but  not 
enough  to  make  it  acceptable.  All  the  other  SSL  VPN 
vendors  took  an  unacceptable  call  and  made  it  acceptable. 


Juniper's  IPSec  ESP-based  transport  didn’t  improve 
call  quality  the  way  that  its  TCP-based  transport 
does  for  good  and  bad  network  quality.  Instead, 
the  ESP-based  transport  behaved  in  the  same 
way  as  an  unencrypted  network. 


F5’s  FirePass  4100,  Juniper  Networks’  Secure 
Access  6000,  Nokias  Secure  Access  System 
500,  Nortel’s  VPN  Gateway  3070  and  Sonic- 
Wall’s  SSL-VPN  2000. 

While  our  results  do  show  some  differences 
between  products, small  variations  in  the  MOS 
should  not  be  considered  significant.  More 
importantly,  our  testing  demonstrates  that  SSL 
VPN  and  VoIP  work  together  very  well  over 
broadband  networks,  even  in  the  face  of  some 
network  loss  and  congestion.  We  also  found 
that  datagram-based  SSL  VPN  techniques  such 
as  those  used  by  Nortel  and  Juniper  (both 
optionally)  do  not  appear  to  offer  any  real 
advantage  for  VoIP  traffic  and  may  give  poorer 

results  than  TCP- 
based  SSL  VPN 
from  the  same 
vendors. 

To  test  VoIP  over 
SSL  VPN,  we  used 
a  product  from  GL 
Communications 
that  measured  the 
quality  of  voice 
calls  using  stan¬ 
dardized  testing 
procedures.To  see 
how  VoIP  would 
behave  in  the  real 
world  of  broad¬ 
band  ISPs,  we 
used  a  Shunra 
Virtual  Enterprise 
to  inject  latency, 
loss  and  other  impairments,  based  on  our 
measurements  of  broadband  IP  service  at 
wireless  hot  spots,  hotels  and  other  tem¬ 
porary  locations  around  the  world,  (see 
“How  we  did  it,”DocFinder:2223).We  used 
common  “soft  phone”  Session  Initiation 
Protocol  software  on  the  SSL  VPN  client 
side,  with  a  SIP  “hard  phone”  inside  the  SSL 
VPN  server. 


Because  broadband  connections  are 
so  much  faster  than  VoIP  require¬ 
ments,  SSL  VPNs  can  deliver  better- 
quality  voice  calls  than  pure  VoIP.  Here, 
Array  managed  to  improve  a  call  that 
would  otherwise  have  been  considered 
unacceptable  by  increasing  the  MOS 
score  from  2.41  to  3.69. 


On  an  unimpaired  network,  all  devices 
but  F5’s  gave  us  scores  within  2%  of 
the  reference  unencrypted  network. 
F5's  4.02  was  definitely  lower  than 
the  other  SSL  VPNs,  but  still  would 
be  considered  a  very  good-quality  call. 


environment,  neither  unencrypted  VoIP  calls  nor 
SSL  VPN-protected  calls  will  be  considered 
acceptable  (for  example,  below  a  mean  opinion 
score  [MOS]  of  3). 

With  the  exception  of  Fortinet’s  Fortigate  appli¬ 
ance,  the  vendors  included  in  this  test  are  the 
same  as  those  that  were  tested  with  our  blow¬ 
out  SSL  VPN  test  conducted  last  December 
(www.nww.com,  DocFinder:  2222).  AEP  Net¬ 
works’  Netilla  Security  Platform,  Array  Networks, 
SPX-5000,  Aventail’s  Smart  SSL  VPN,  Caymas 
Systems’  Caymas  525,  Check  Point’s  Connectra, 

an&v  --  r  —r  urit'TinriM— 


•  In  our  tests,  the  bad/slow  network  operated  at  0.1Mbps  with  60-millisec  latency,  20- 
millisec  jitter,  2%  loss,  1%  out  of  order  packets,  1%  duplicate  packets,  and  congestion 
every  20  seconds  of  30%  packet  loss  and  1,000-millisec  latency. 

▲  Our  bad  network  operated  at  0.5Mbps  with  60-millisec  latency,  20-millisec  jitter,  2% 
loss,  1%  out-of-order  packets,  1%  duplicate  packets  and  congestion  every  20 
seconds  of  30%  packet  loss  and  1,000-millisec  latency. 

■  Our  good  network  operated  at  0.5Mbps  with  45-millisec  latency,  10-millisec  jitter, 
0.25%  loss,  1%  out-of-order  packets,  1%  duplicate  packets  and  no  congestion. 

Our  unimpaired  network  operated  at  100Mbps  with  no  latency,  loss,  faults  or 
congestion. 


We  examined  four  scenarios,  ranging  from  a 
perfect  100Mbps  network  with  a  few  millisec  of 
latency,  all  the  way  to  a  poor  quality  100Kbps 
network  with  60  milliseconds  of  latency  and 
other  impairments.  We  called  these  four  sce¬ 
narios  “unimpaired,”  “good,”  “bad”  and 
“bad/slow” 

Our  first  tests  set  a  reference  to  see  how  the 
SIP  software  and  hardware  would  work  with¬ 
out  a  VPN  in  the  way. The  GL  Communications 
Voice  Quality  Tester  gave  us  MOS  ratings  for 
our  calls,  with  higher  scores  being  better  qual- 
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ity.Most  people  would  consider  a  call  with  a  score  as  low 
as  3.0  to  be  acceptable,  although  obviously  degraded 
(see  “Minding  your  Ps  and  Qs”). These  no-VPN  networks 
set  the  standard  for  SSL  VPNs  to  meet:  acceptable  quality 
over  unimpaired  and  good  networks,  with  poor  calls  over 
the  bad  and  bad/slow  networks. 

Our  next  set  of  tests  measured  how  each  SSL  VPN 
device  behaved  carrying  VoIP  calls  over  an  unimpaired 
network.  The  results  were  good.  In  general,  the  SSL  VPN 
devices  caused  very  little  degradation  in  the  quality  of 
the  VoIP  calls.  With  a  perfect  MOS  being  4.24,  as  set  by  our 
base  test,  the  worst  score  we  saw  (with  F5  being  the 
exception)  was  4.16.  And,  as  we  noted  above,  the  differ¬ 
ence  between  that  and  the  perfect  score  is  not  likely  to 
be  noticeable.  Even  the  low  score  registered  by  the  F5 
FirePass  device,  at  4.02,  would  still  be  considered  a  very 
good  call.  Granted,  testing  over  an  unimpaired  network 
with  zero  latency  doesn’t  tell  you  much  about  how  these 
devices  would  work  in  the  real  world. 

Performance  tests  run  across  the  good  network  yielded 
counterintuitive  results.  We  had  predicted  that  the  quali¬ 
ty  of  a  call  over  an  SSL  VPN  could  not  be  better  than  over 
a  clean  wire,  just  because  of  the  additional  interactions 
between  TCP  and  SSL  on  the  protocol  level  that  SSL  VPNs 


Mind  your  Ps  and  Qs 

By  Joel  Snyder,  Network  World  Lab  Alliance 

Voice-quality  testing  is  a  traditionally  obscure 
and  dark  corner  of  telephony  that  has  recently 
become  more  interesting  with  the  rise  in  VoIP 
and  mobile  communications.  The  standards  for  VoIP 
testing  come  out  of  the  International  Telecommun¬ 
ications  Union  (ITU),  formerly  known  as  the 
International  Consultative  Committee  on  Telegraphy 
and  Telephony. 

The  original  ITU  standard,  P.800,  (more  formally 
known  as  Recommendation  P.800)  for  voice-quality 
testing  is  decidedly  non-technological.  The  test  re¬ 
quires  a  panel  of  judges  to  listen  to  voice  calls  and 
then  score  them  based  on  a  particular  set  of  crite¬ 
ria.  The  scores  are  aggregated  into  a  single  number, 
called  the  Mean  Opinion  Score  (MOS),  typically 
shown  in  a  range  of  1  (worst)  to  5  (best). 

Running  MOS  tests  is  expensive  and  time  consuming. 
To  test  the  four  scenarios  across  our  SSL  VPN  field  of 
10  contenders  would  have  been,  to  put  it  politely,  ‘‘not  in 
the  budget.”  Fortunately,  the  ITU  understands  the  need 
for  a  more  efficient  and  repeatable  way  of  testing  voice 
quality  and  has  created  alternative  tests  that  can  be 
automated. 

Perceptual  Evaluation  of  Speech  Quality  (PESO) 
represents  a  complex,  but  objective,  test  that  is  sup¬ 
posed  to  be  analogous  to  MOS.  Through  a  well- 
defined  series  of  phases,  including  level  and  time 
alignment,  input  filtering,  perceptual  modeling,  equal¬ 
ization  and  disturbance  processing,  a  score,  called 
the  PESO-LOO  (Listening  Quality,  Objective)  pops  out 
that  maps  directly  to  the  MOS  score. 

The  ITU  tried  several  times  to  get  the  PESO  score 
to  match  what  a  MOS  test  turns  up.  In  our  testing,  we 
report  the  PESO-LOO  score  from  ITU  Recommenda¬ 
tion  P.862.1  because  it  maps  most  closely  to  the  most 


put  under  the  User  Datagram  Protocol  (UDP)-based  VoIP 
traffic.  We  were  astonished  with  the  results  from  the  first 
test  runs  on  the  good  network;  it  showed  that  many  SSL 
VPNs  improved  the  quality  of  VoIP  calls  —  we  retested 
everything,  twice  just  to  confirm  the  results.The  improve¬ 
ment  in  call  quality  from  our  baseline  of  3.31  ranged 
from  less  than  5%  to  as  much  as  20%.  Only  with  extreme¬ 
ly  detailed  analysis  of  the  packets  crossing  the  good  net¬ 
work  did  we  discover  what  was  happening:  TCP  was 
improving  the  quality  of  calls  by  reordering  and  retrans¬ 
mitting  packets. 

In  every  case,  adding  an  SSL  VPN  to  a  VoIP  call  over  a 
good  broadband  network  improved  call  quality  So  in 
effect,  wrapping  a  VoIP  call  in  SSL  gives  it  more  structure, 
kind  of  like  the  rind  of  good  Brie.  What  we  had  not  count¬ 
ed  on  was  the  huge  difference  between  what  VoIP 
requires  (64Kbps)  and  a  typical  broadband  connection 
of  500Kbps  or  more.  Because  the  broadband  connection 
was  so  fast,  TCP  was  able  to  repair  the  impairments  with¬ 
out  reducing  voice  quality. 

One  twist  of  SSL  VPNs  is  that  not  every  vendor  uses  SSL 
over  TCP  in  its  network  extension  client  implementation. 
Nortel’s  client  encrypts  TCP  traffic  over  TCP  but  encrypts 
UDP  traffic  over  UDPIf  the  UDP  doesn’t  get  through,  the 


frequently  used  MOS.  There  are  several  other  PESO 
scores  seen,  defined  in  Recommendation  P.862.  All 
three  scores  measure  the  same  thing,  although  their 
scale  and  linearity  vary.  This  means  that  comparing 
results  across  different  tests  is  not  possible  if  differ¬ 
ent  versions  of  the  test  were  used. 

Understanding  exactly  what  a  MOS  represents  is 
another  matter.  Although  the  obvious  “higher  is  bet¬ 
ter"  applies,  trying  to  figure  out  when  a  voice  call  goes 
from  acceptable  to  unacceptable  is  another  matter.  A 
normal  analog  or  digital  telephone  call  will  generally 
have  a  MOS  of  4.2  to  4.4.  A  typical  cell  phone  call  will 
range  from  3.0  to  3.7,  while  a  poor  cell  phone  call 
would  be  scored  less  than  2. 

Another  voice  quality  scoring  system  described  by 
the  ITU  is  the  Perceptual  Analysis  Measurement 
System  (PAMS),  in  P.800.  PAMS  is  a  “listening  opin¬ 
ion"  test,  which  is  different  from  PESO,  a  “conversa¬ 
tion  opinion"  test.  PAMS  attempts  to  measure  listen¬ 
ing  quality  (using  the  same  scale  as  PESO)  and  listen¬ 
ing  effort.  PAMS  looks  for  errors  introduced  into  the 
voice  channel  and  predicts  how  they  will  affect  listen¬ 
ing  quality  and  listening  effort. 

A  third  metric  you'll  often  see  is  the  ITU's  Percep¬ 
tual  Speech  Quality  Measure  (PSQM)  from  P.861. 
PSQM  is  recommended  for  use  in  assessing  speech 
codecs,  and  not  the  behavior  of  an  entire  voice  con¬ 
nection.  The  PSQM  is  often  reported  as  well,  and  we 
have  scaled  it  to  match  MOS.  The  native  scores  for 
PSQM  range  from  0  (excellent)  to  6.5  (poor),  so  we 
have  rescaled  PSQM  to  match  the  range  of  PESO. 

In  our  testing,  we  generated  all  of  these  scores, 
and  they  can  be  found  in  a  spreadsheet  (see 
DocFinder:  2240).  All  of  the  analysis  in  the  accompa¬ 
nying  story  is  based  on  the  PESQ-LQO  scores. 


client  falls  back  to  pure  encrypted  TCP  Juniper’s  client 
uses  the  Encapsulating  Security  Protocol  (ESP)  transport 
of  IPSec,  a  datagram  service  similar  to  UDP  for  TCP  and 
UDP  traffic. This  is  optional,  with  the  client  able  to  try  ESP 
first  and  if  that  doesn't  get  through,  fall  back  to  standard 
SSL  over  TCP 

We  tested  Juniper  with  TCP  and  ESP  because  these 
are  under  the  control  of  network  managers.  Our  initial 
predictions  were  that  VoIP  over  TCP  would  behave 
poorly  compared  with  VoIP  over  datagram  services 
such  as  UDP  and  ESP  because  TCP’s  retransmissions 
would  interfere  with  voice  quality.  Our  tests  showed 
that  for  a  good  network,  Nortel’s  and  Juniper’s  data¬ 
gram  services  gave  15%  lower  call  quality  than  corre¬ 
sponding  TCP-based  services.  The  call  quality  was 
roughly  the  same  as  for  an  unencrypted  network,  a 
result  that  made  sense. 

The  best  news  of  all  our  testing  came  when  we  set  up 
the  bad  network,  representing  the  lower  end  of  quality 
of  the  broadband  services.  In  this  test, TCP  and  a  high¬ 
speed  network  again  came  to  the  rescue.  All  but  three 
of  our  SSL  VPN  vendors  also  improved  the  unaccept¬ 
able  call  but  took  call  quality  up  enough  for  the  call  to 
be  considered  acceptable.  In  these  tests,  we  saw  as 
much  as  a  45%  to  50%  improvement  in  call  quality.  For 
network  managers  looking  to  deploy  VoIP  over  SSL  VPN 
for  traveling  users,  this  means  calls  from  all  but  the 
worst  broadband  networks  will  have  very  acceptable 
voice  quality. 

Our  last  test,  run  over  a  bad,  slow  network,  showed  that 
when  the  network  is  horrible,  nothing  helps.  In  some 
cases, such  as  with  F5’s,  Nortel’s,  SonicWall’s  and  Juniper’s 
ESP-based  transport,  the  call  quality  over  these  degraded 
links  was  about  as  bad  as  the  reference.  In  all  other  cases, 
though,  the  interaction  between  a  bad, slow  network  and 
VoIP  gave  awful  results. 

Network  managers  who  wish  to  use  SSL  VPN  with 
VoIP  services  can  roll  them  out  in  most  network  sce¬ 
narios  knowing  that  SSL  VPN  can  clean  up  an  average 
network  connection.  For  home  users  who  have  good- 
quality  broadband,  and  for  most  travelers,  any  of  the 
SSL  VPN  devices  would  give  a  good  experience. 
Because  this  test  focused  only  on  one  aspect  of  SSL 
VPN  remote  access,  VoIP  call  quality,  our  results  may 
not  help  to  significantly  differentiate  products.  Instead, 
our  testing  shows  that  VoIP  and  SSL  VPN  can  coexist 
very  happily. 

Snyder  is  a  senior  partner  at  Opus  One,  a  consulting 
firm,  in  Tucson,  Ariz.  He  can  be  reached  at  Joel.Sny 
der@opusl.com. 
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■  Snyder  is  a  member  of  the  Network  World  Lab  Alliance,  a  cooper¬ 
ative  of  the  premier  testers  in  the  network  industry,  each  bringing 
to  bear  years  of  practical  experience  on  every  test.  For  more  Lab 
Alliance  information,  including  what  it  takes  to  become  a  partner,  go 
to  www.networkworld.com/alliance. 

Other  members:  Mandy  Andress,  ArcSec:  John  Bass,  Centennial 
Networking;  Travis  Berkley,  University  of  Kansas;  Jeffrey  Fritz, 
University  of  California,  San  Francisco;  James  Gaskin.  Gaskin 
Computing  Services;  Thomas  Henderson,  ExtremeLabs;  Mieroom, 
network  consultancy  and  product  test  center;  Christina  Percy, 
Perey  Research  &  Consulting-  Barry  Nance,  independent  consul¬ 
tant;  Thomas  Powell,  PINT.  Joel  Snyder,  Opus  One;  Rodney  Thayer. 
Canola  &  Jones. 
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E-MAIL  NEWSLETTER  SHOWCASE:  MESSAGING 

University  gets  help  managing  Exchange 


BY  MICHAEL  OSTERMAN 

The  Washington  State  University 
Puyallup  Research  and  Extension 
Center,  located  about  an  hour 
south  of  Seattle,  is  focused  on 


agricultural  research  and  related 
areas.  This  operation  of  Washing¬ 
ton  State  runs  Microsoft  Ex¬ 
change  and  was  experiencing 
some  problems  with  users  losing 


e-mail  and,  in  some  cases,  losing 
entire  mailboxes. 

Restoring  e-mail  and  mailbox¬ 
es  was  a  very  disruptive  and 
time-consuming  task  for  the  IT 


department,  because  to  do  so 
the  Exchange  Server  needed  to 
come  offline,  backup  tapes  had 
to  be  loaded  and  the  missing 
information  retrieved  through  a 


How  many  tools  do  you  use  to 
Certify,  Identify,  Configure  &  Document 
your  Ethernet  network? 

(That’s  too  many!) 


Introducing  Validator-NT 


The  All-in-One  Network  Management  Tool 


DOCUMENT  the  network  with  the  included  powerful 
Plan-Urn  software.  Create  layouts  of  offices/premises  or  import 
existing  Visio/AutoCAD  drawings.  Show 
cables  and  equipment  they  connect  to  in 
physical  locations.  Print  out  layouts  and 
corresponding  Cable  Test  Schedules.  The  Network 
Tool  section  of  Plan-Um™  allows  you  to  create  a  complete 
topology  layout  of  the  network  for  on-site  reference,  showing 
connections,  equipment  and  cable  pathways.  You  can  add  notes  to  each 
component  of  the  network  for  future  add,  changes,  and  move  legacy  information. 


Powerful  Plan-Um 
software  included 


Everything  you  need  to  Test,  Trace  and  Tune  your  Ethernet  Network. 


NT955 
MShP  only 
$1495.00 


Test-Urn  Inc. 

The  Intelligent  Test  Solutions  Company 

805-383-1500  •  FAX  805-383-1595  •  www.test-um.com 


CERTIFY  individual  Ethernet  cable  runs  up  to 
1  Gigabit  Speed  per  IEEE802.3  specifications. 

Test  for  TIA568  Interconnect  problems.  Determine 
fault  locations,  cable  length  and  delay  or  noise 
conditions.  Produce  and  print  cable  test  schedules 
and  cable  test  results.  Qualify  lines  for  VoIP  usage. 

IDENTIFY  active  components  of  your  network  on 
the  other  end  of  the  cable.  Identify  all  types  of  equipment 
and  port  service  discovery  with  advertised  speed  ratings 
and  DHCP  negotiation.  Access  IP  addresses,  ping  equipment 
and  flash  hubs/switches  for  positive  port  location. 


4"  color  LCD  screen 

Lithium/ion  battery 
provides  8  continuous 
hours  of  use 

Unlimited  flash 
card  memory 


CONFIGURE  links  between  nodes  at  Gigabit  speed. 

Check  IP  addresses  on  netmask,  Gateway/routers  and  domain 
name  servers.  Confirm  links  between  equipment  for  changes 
or  upgrades. 


very  inconvenient  and  laborious 
process. 

In  mid-2005,  this  branch  of 
Washington  State  evaluated 
Mimosa  Systems’  NearPoint,  an 
e-mail  management  system  de¬ 
signed  to  help  organizations 
better  manage  their  Exchange 
environment.  NearFbint  provides  a 
number  of  capabilities,  including 
policy-based  archival  of  e-mail, 
end-user  access  to  recovery  tools 
so  individuals  can  restore  miss¬ 
ing  or  deleted  e-mail,  disaster  re¬ 
covery  and  other  functions. 

Although  NearFbint  has  been 
operating  for  less  than  two 
months  at  this  operation  of  Wash¬ 
ington  State,  a  senior  manager  is 
pleased  so  far.The  archive  has  per¬ 
mitted  a  reduction  in  the  size  of 
the  overall  Exchange  database. 
Further,  the  IT  manager  has  cre¬ 
ated  some  general  groups  among 
her  users  based  on  the  length  of 
time  they  need  to  preserve  e-mail, 
allowing  users  to  define  how  long 
they  want  e-mail  to  be  retained. 
Plus,  users  can  go  back  as  far  as 
they  want  in  the  archive  to  recover 
old  e-mail.  Before,  if  the  e-mail 
they  wanted  to  recover  was  older 
than  30  days,  they  were  pretty 
much  out  of  luck. 

What  tools  such  as  NearFbint 
illustrate  is  the  critical  need  for 
archiving  and  related  capabilities 
in  most  organizations.  While 
much  of  the  focus  on  archiving 
has  been  on  regulatory  compli¬ 
ance  to  satisfy  demands  of  the 
Securities  and  Exchange  Com¬ 
mission,  for*  example,  the  real 
‘meat-and-potatoes’  of  archiving 
focuses  on  the  less  sexy,  but  more 
frequent,  requirement  to  recover 
individual  users’  missing  e-mails 
and  to  simply  manage  Exchange 
more  efficiently.  This  is  where 
archiving  can  really  shine  in  most 
organizations. 

Osterman  is  president  of 
Osterman  Research.  He  can  be 
reached  at  michael@osterman 
research.com 
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MANAGEMENT  STRATEGIES 

M  CAREER  DEVELOPMENT  K  PROJECT  MANAGEMENT  ■  BUSINESS  JUSTIFICATION 

Insurer  conquers  change  management 

An  IT  manager’s  account  of  the  obstacles  to  rolling  out  an  automated  process. 


mplementing  any  type  of  formal  process  is  never 
easy,  but  modifying  an  existing  process  that  works  is 


BY  ANDREW  ABRAMCZYK 

I 

That’s  what  we  found  to  be  the  case  at 
Erie  Insurance  as  we  automated  our  IT 
change-management  process.  Change 
management  refers  to  the  addition,  modifi¬ 
cation  or  removal  of  any  component  of  an 
IT  environment,  not  just  hardware  and  sys¬ 
tems  and  application  software.  A  firmware 
upgrade  to  a  switch  and  patch  installation 
on  a  server  are  a  few  examples. 

Six  years  ago,  we  had  a  mostly  manual 
change-management  process.  In  the 
years  since,  we’ve  made  incremental 
changes  that  resulted  in  our  present  auto¬ 
mated  system.  We  moved  slowly  and  pre¬ 
cisely,  with  the  idea  that  we  could  modify 
our  plan  as  we  went.  An  early  change  to 
the  process  was  our  move  to  an  e-mail- 
based  system  that  provided  some  work- 
flow  elements. 

Then  we  began  to  align  the  process 
with  the  best  practices  defined  in  the  IT 
Infrastructure  Library  (ITIL)  framework. 
Later,  we  used  SupportMagic  (now  called 
Magic  Service  Desk), the  change-manage¬ 
ment  module  in  BMC  Software’s  IT  ser¬ 
vice-management  tool.  At  first  we  used  it 
in  parallel  with  our  e-mail-based  system, 
but  eventually  we  migrated  our  entire 
process  to  it.  Erie  Insurance’s  roughly  500 
IT  employees  are  all  trained  to  use 
SupportMagic,  but  it’s  most  often  used 
within  the  operations  and  application- 
development  groups. 

There  were  some  bumps  along  the  way 
that  caused  us  to  stop  and  rethink  an 
approach,  a  step  in  the  workflow,  or  even 
how  a  screen  looked  and  how  the  busi¬ 
ness  rules  should  work.  What  follows  are 
some  of  the  biggest  challenges  we  faced 
and  how  we  worked  around  them  to 
achieve  our  objectives. 

Workers  thought  they  always  were  being 
watched. 

This  was  not  necessarily  true. We  put  a  for¬ 
mal  ITIL  wrap  on  the  change-management 
process  to  ensure  consistency  and  compli¬ 


ance.  We  had  to  hold  management 
accountable  for  how  their  staff  used  the 
change  process  and  for  how  well  changes 
were  performed. 

We  had  to  build  our  process  into  the 
ITSM  tool  in  such  a  way  that  we  could  eas¬ 
ily  see  how  it  was  being  followed:  Were  we 
consistent?  Were  we  improving?  We  need¬ 
ed  to  be  able  to  pull  the  core  data  com¬ 
ponents  of  the  request  for  change  (RFC) 
easily,  correlate  that  data  to  key  perfor¬ 
mance  metrics  and  ask:  Are  we  improving 
on  these  metrics? 

Now  we  easily  can  run  reports  based  on 
key  performance  metrics  and  provide 
good,  reliable  feedback  to  staff,  plus  iden¬ 
tify  gaps  in  the  process  that  need  to  be 
filled.  We  can  also  more  easily  set  targets 
against  which  everyone  can  be  measured. 
Some  of  these  metrics  are  the  number  of 
late  approvals,  complete  and  unsuccess¬ 
ful  changes,  incomplete  and  unsuccessful 
changes,  changes  that  were  not  complet¬ 
ed  within  the  change  window,  and 
changes  that  caused  a  service  impact. 

Staff  was  sensitive  to  the  results  of  a 
change  or  its  impact  on  service. 

This  was  a  big  factor  that  we  had  to  over¬ 
come  collectively  One  of  the  challenges  we 
faced  was  that  originally  the  people  per¬ 
forming  changes  had  to  look  objectively  at 
what  they  did  vs.  what  was  documented, 
and  then  evaluate  whether  their  changes 
were  successful  or  unsuccessful,  complete 
or  incomplete.  Staff  had  a  hard  time  doing 
this,  so  we  automated  the  classification 
process. 

Instead,  we  built  several  business  rules 
into  the  tool  that  would  look  at  the  post¬ 
assessment  data  entered  by  the  worker  per¬ 
forming  a  change  and  automatically  flag  it 
as  complete,  incomplete  or  withdrawn. 
Then  we  ran  a  management  report  against 
that  assessment  to  determine  whether  the 
change  should  be  further  considered  suc¬ 
cessful  or  unsuccessful. 


Automating  this  process  eliminated  much 
of  the  emotion  involved.  And  by  manage¬ 
ment  not  overreacting  to  the  results  of  a 
particular  change  but  instead  analyzing  the 
metrics  to  see  how  well  the  entire  change 
process  is  being  used  over  time,  we  can 
identify  areas  that  need  attention  and 
employees  who  are  struggling  with  manag¬ 
ing  their  changes. 

Would  we  control  automation  or  would  it 
control  usP 

We  didn’t  fully  automate  our  process  until 
we  experimented  with  different  workflow 
approaches  and  RFC-logging  abilities. 
Going  through  this  process  allowed  us  to 
determine  how  we  needed  a  tool  to  work 
and  to  develop  business  mles  that  met  our 
needs.  It  also  enabled  us  to  restrict  who  can 
modify  a  change,  who  can  approve  at  spe¬ 
cific  points  in  the  workflow  and  who  is 
responsible  for  assessing  the  change.  We 
came  out  with  a  solid  process  that  works 
better  because  we  shaped  the  automation 
process,  as  opposed  to  having  an  automat¬ 
ed  system  dictate  how  our  process  works. 

We  needed  an  audit  trail,  a  better  way  to 
track  changes. 

We  also  had  to  overcome  the  problem 
of  using  an  inadequate  tool  —  our  e-mail 
workflow  —  to  manage  our  changes.  The 
e-mail  system  lacked  an  audit  trail,  so  it 
could  not  track  changes  as  they  went 
through  the  approval  and  assessment 
process. 

We  focused  on  how  to  track  changes 
properly  and  audit  what  was  done  to  them, 
which  helps  tremendously  with  both 
Sarbanes-Oxley  audits  and  individual  per¬ 
formance  assessments.  Now  we  can  see 
where  a  change  is  in  the  workflow,  when  it 
was  made,  whether  or  not  an  approval  was 
made  and  when,  and  whether  or  not  any 
fields  in  the  original  RFC  were  improperly 
modified  and  by  whom.  This  in  turn 
allowed  us  to  determine  key  areas  for 
improvement.  For  example,  we  can  target 
managers  who  repeatedly  approve  their 
changes  late. 

Entering  multiple  changes  with  different 
start  dates. 

What  was  the  one  thing  we  could 
build  into  the  tool  that  would  be  a  sell¬ 


Andrew  Abramczyk  tells  how  his  company 
made  the  tough  transition  to  automation. 


ing  point  for  anyone  using  it?  When  we 
were  determining  this,  the  concept  of 
multiple  changes  with  different  start 
dates  came  to  mind. 

In  rollouts  there  are  often  places  where 
a  change  has  to  be  repeated  on  different 
devices  or  code,  such  as  for  patch  man¬ 
agement,  virus  updates  or  firewall 
changes.  In  our  manual  system,  changes 
would  need  to  be  re-entered  and  resub¬ 
mitted  each  time  they  repeated.  We 
decided  to  build  a  feature  into  the  tool 
that  would  let  change  initiators  save  their 
change  as  templates. This  allows  them  to 
call  up  a  change  at  a  later  date,  make 
minor  modifications  and  resubmit  it, 
obviating  the  need  to  re-enter  RFCs.This 
feature  was  a  huge  selling  point  and  a 
big  timesaver  for  workers  making 
changes. 

These  are  just  a  few  of  the  obstacles  we 
overcame  while  incorporating  our  change- 
management  process  into  our  ITSM  tool. 
While  we  would  consider  the  effort  suc¬ 
cessful,  we  also  understand  that  everything 
is  open  for  debate  and  can  be  improved. 
We  continually  strive  to  ensure  we  are 
heading  in  the  right  direction,  and  we 
always  look  for  ways  to  make  things  more 
efficient  and  effective. 

Abramczyk  is  manager  of  IT  Information 
Services  within  the  Operations  and  Support 
department  of  Erie  Insurance  Group.  He  can 
be  reached  at  Andrew.Abramczyk@eriein 
surance.com. 
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Centrally  Discover,  Support  and 
Manage  your  Systems.  Anywhere. 


Do  you  know  where  your  oldest  computer  is?  Need  to  locate  and  upgrade  your 
Windows  98  systems?  Are  you  overpaying  on  unused  software  licenses?  Which 
employees  are  spending  the  most  time  surfing  the  web?  Find  out  fast  with 
NetSupport  DNA. 


Managing  your  company's  IT  assets  means  more  than  just  selection  and 
maintenance.  Reporting,  inventory,  deployment  and  forecasting  are  also  part  of  the 
job.  NetSupport  DNA  is  an  easy  to  use  IT  asset  management  solution  that  provides 
you  with  the  tools  you  need  to  get  to  know  your  network. 


Unlike  other  solutions,  NetSupport  DNA  does  not  require  certified  training  or  have  a 
complex  implementation  path.  It  offers  all  of  the  functionality  you'd  expect  from  an 
award  winning  asset  management  suite,  but  with  only  a  30  minute  implementation 
path. 


NetSupport  DNA  combines  powerful  hardware  and  software  inventory  with  software 
distribution,  application  and  internet  metering,  pc  remote  control,  enterprise 
reporting  and  a  web-based  help  desk  solution. 


What's  on  your 

Network? 

Find  out  with  NetSupport... 


NETSUPPORT 

□  NA^ 

NetSupport 


Visit  www.netsupport-inc.com  and  download  a  full  trial  license  today.  Sales:  1-888-665-0808 

And  in  30  minutes  start  viewing  your  vital  Asset  Information.  www.netsupport-inc.com 


SERVERS  Wll 
FROM 


LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 


UltraMatrix™ 

Remote 


KVM  OVER  IP 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


UltraMatrix™ 

E-series 


N  YOUR  REACH 

:_e 


■  PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


KVM  SWITCH 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 


•  Easy  to  expand 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It  The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 

provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well.  affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 

1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,  2x8,  2x16, 
4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 


KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 


RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
*  ’.  server  rooms  and  multiple  computers. 

the  RackView.  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 
tactile  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 


ROSE  US 
FOSE  EUROPE 
ROSE  ASIA 
•'OSE  AUSTRALIA 


XtendVue 

Vertical  Rack  mountable  LCD 
With  Built-in  KVM  Extender 


281  933  7673 
+  44  {0)  1264  850574 
+  65  6324  2322 
+  617  3388  1540 


800-333-9343 


RackView  RackView  RackView  RackView 

Fold-Forward  Fold-Back  LCD  Monitor  Keyboard 
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Golden  State  Foods  exceeds  goals 
with  OmniCenter 

. . M«""wmiiTriMWWT[rii»»mnMfiii^ 


Michael  Bourque,  Technical  Services  Manager  of  Golden  State  Foods,  speaks  about 
his  experience  with  Netreo’s  OmniCenter™  network  management  appliance. 


Golden  State 
Foods  (GSF) 
has  processed 
and  distributed 
replenishable 
supplies  to 
McDonald’s 
Corporation 
since  it  opened  its  first  restaurants 
in  the  1950s.  GSF’s  worldwide  op¬ 
erations  include  locations  across 
the  United  States,  Egypt,  Australia, 
and  Malaysia. 

Q:  What  made  you  decide  to  look 
at  changing  network  management 
platforms? 


detect,  diagnose,  and  fix  a  problem  be¬ 
fore  any  users  were  aware  something 
was  wrong.  With  this  information  we 
can  investigate  problems,  determine 
capacity,  and  plan  for  the  future  or 
justify  technology  decisions. 

Q:  How  long  did  it  take  to  see  payback 
from  the  investment  in  OmniCenter? 

A:  The  payback  was  almost  immedi¬ 
ate.  Right  after  installing  it,  we  were 
alerted  that  one  of  our  iSeries  servers 
was  running  out  of  disk  space  and 
we  were  able  to  catch  it  before  it 
crashed.  The  financial  impact  would 
have  been  tremendous.  It  would  have 
taken  a  team  of  about  ten  highly  paid 


system  admins  and  programmers  a 
week  to  a  week  and  half  to  get  all  the 
data  back  in  order. 

OmniCenter  has  made  dramatic 
differences  in  the  lives  of  all  of  our 
IT  and  Help  Desk  personnel.  By  re¬ 
lieving  them  of  routine  “babysitting” 
chores,  OmniCenter  allowed  us  to 
reach  about  125  percent  of  our  busi¬ 
ness  goals  for  last  year. 

Q:  Many  network  management 
platforms  require  a  huge  project  to 
implement  and  take  months  or  years 
to  complete.  What  was  the  OmniCenter 
implementation  like? 


A:  It  was  like  “flipping  on  a  switch.” 
Once  the  Omnicenter  was  in  and 
the  initial  configuration  was  setup 
we  were  monitoring  our  systems. 
In  just  one  day,  we  were  able  install 
OmniCenter  and  configure  it  to  poll 
fifteen  different  sites  and  hundreds 
of  different  devices,  including  our  IP 
video  conferencing  system.  Overall 
it  was  a  very  simple  and  stress-free 
implementation. 


Michael  Bourque  has  been  with  Golden  State 
Foods  for  9  years.  He  carries  the  MCSE, 
CCNA,  C.NE,  IBM  Certified  Professional  and 
Lotus  Notes  certifications.  His  responsibilities 
include  all  aspects  of  GSF’s  network  infra¬ 
structure,  including  network  security,  email 
and  web  systems,  and  AS400. 


A:  Our  network  was  growing  at  a 
very  rapid  pace  and  it  was  hard  to 
keep  up.  So  instead  of  hiring  more 
admins,  we  needed  something  to 
help  us  fight  the  battle  of  keeping  up 
with  all  of  our  locations  and  diverse 
systems. 

Q:  What  criteria  did  you  use  to 
evaluate  them? 

A:  Our  criteria  for  selection  was  first, 
does  it  interact  with  all  our  diverse 
systems.  Second,  can  this  all  be  done 
from  one  central  location  without 
impacting  the  Wide  Area  Network? 
We  also  considered  complexity.  We 
didn’t  want  something  you  needed 
to  go  to  a  week  of  classes  and  still 
couldn’t  understand  how  it  works  or 
how  to  make  any  changes.  And  final¬ 
ly  there  was  cost,  OmniCenter  gives 
you  more  bang  for  the  buck  than 
anything  else  I  have  seen. 

Q:  What  Is  the  main  benefit  to  your 
company  that  OmniCenter  provides? 

A:  OmniCenter  keeps  us  alerted  and 
aware  of  what  is  going  on  so  we  can 
be  more  proactive  and  not  reactive. 
It  gives  us  an  overall  view  of  the 
performance  and  availability  of  all 
our  network  assets,  which  allows  us  to 


Network  management 
has  always  been 
complex, 
time-consuming, 
and  expensive. 


Netreo's  OmniCenter™  family  of  network  management  appliances 
have  helped  hundreds  of  America's  leading  corporations  and 
universities  dramatically  reduce  IT  management  costs  and  improve 
availability.  Our  agentless  and  clientless  architecture  makes  the 
process  of  managing  even  the  largest  and  most  complex  environments 
remarkably  simple,  and  makes  implementation  a  breeze. 


OmniCenter 

IT  Management  Redefined. 


Come  see  our  in-depth  case  studies  at  http://www.netreo.net/nw/ 
and  discover  how  we  can  help  simplify  your  IT  management. 


IMetrea 

www.netreo.net/nw/ 

(866)NETRE01 


(ROAD TEST) 
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Fault  Management  •  Performance  Reporting  •  Security  Managment  •  VoIP  Management  •  Intrusion  Detection  •  Protocol  Reporting 


Servers,  routers,  and  other  electronic  equipment  occasionally 
“lock-up”,  often  requiring  a  service  call  to  a  remote  site  just  to 
flip  the  power  switch  to  perform  a  simple  reboot.  With  WTI’s 
Remote  Power  Switches,  you  can  perform  reboot  and  On/Off 
control  from  anywhere! 


Web  Browser  Access  for  Easy  Setup  and  Operation 

Vertical  or  Horizontal  Zero  U  Space  Mounting  Options 

Dual  15  or  20  Amp  Power  Circuits 

Switch  up  to  8,320  Watts 

115  VAC  Models  -  NEMA  5-1 5R  Outlets 

208/230  VAC  Models  -  IEC320-C13  Outlets 

Up  to  Sixteen  (16)  Individual  Outlets 

Power-Up  Sequencing 

RS232  Modem/Console  Port 

Accepts  Standard  C-19  to  L5/6-20P  Power  Cords 


Web  Browser  Interface 


DUA LtPWP 


IPS- 1600 


Yes,  We  are  Customer  Friendly! 

/  Two  Year  Warranty 

V  We  Stock  for  Same  Day  Shipment 
>/  30  Day  Return  Policy 

V  Cali  or  Email  for  an  Online  Demo 


Dual 

Power 

Inputs 


Model 

NBB-1600 

www.wti.com 


western  telematic  incorporated 

5  Sterling  *  Irvine  •  California  »  92618-2517  *  (800)  854-7226 


SENSAPHONE 
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TM 


ASA 
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Monitor  the  REST  of  your  Computer  Room! 

T* 


Water  on  the  Floor 

Temperature 

Power  Problems 

Security 

Smoke  and  Fire 

Humidity 

Video 

And  much  more 


Sends  Monitors  Embedded 

SNMP  64  Web 

Messages  IP  addresses  Server 


Sends 

E-Mail 


Power 

Outage 

Alarming 


Dealers  Wanted 


Internal  Voice, 

Power  Ethe'rnet  Modem 
Control  Port  &  Pager  Port 
Interface 


Sensor  Inputs 

(Temperature.  Humidity, 
Water,  Motion,  Power, 
Smoke/Rre) 

Expandable 


Internal 

UPS 
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Microphone 

for  Sound 
Monitoring 


SENSAPI  ONE 

Tel:  877-373-2700 

901  Tryens  Road 

www.ims-4000.com 

Aston,  PA  19014 

MiniGoose 

Climate  Monitor 


Camera 

$199 


MiniGoose  $199 


WeatherGoose  $399 


Clear  out  problems  with  Observer  1 1 .  Now  with  enterprise  strength  VoIP  analysis.  New  features  include  an  enhanced 
VoIP  Expert,  Quality  Scoring,  Call  Detail  Records,  MultiHop  Analysis,  and  64-bit  Windows  support.  It's  time  to  reset  your  analyzer. 


INSTRUMENTS 


Wired  to  wireless.  LAN  to  WAN.  One  network  -  complete  control. 

US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1959  569880 

www.networkinstruments.com/analyze 


d VoIPs 


enhanced  VoIP  support 


Current  sniffer  can't  keep  up? 
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Increase  your  data  center  availability 

...with  APC  Rack  Power  Distribution 


Avoid  overloading  circuits 

Monitor  the  current  draw  as  you  install  equipment 

Protect  circuit  from  unauthorized  use 

Turn  outlets  off  when  not  in  use 

Avoid  in-rush  current  overload 

Outlets  are  turned  on  sequentially 

Manage  power  via  Network  Interfaces 

Built-in  Web,  SNMP,  Telnet  support 


Power  Distribution  Units 

•  Basic:  Vertically  and  horizontally  mounting  with  a 
range  of  amps  and  voltages 

•  Metered:  Ability  to  monitor  the  current  draw  and 
set  alarm  thresholds  that  when  exceeded,  provide 
both  visual  and  audible  alarms 

•  Switched:  Advanced,  remote  power  distribution 
and  control.  User  configurable.  Users  can  configure 
the  sequence  in  which  power  is  provided  to 
individual  receptacles  upon  start  up. 


Enter  to  WIN  a  FREE  APC  Rack  PDU  today. 

Visit  http://promo.apc.com  Key  Code  i377x  •  Call  888-289-APCC  x6829  •  Fax  401-788-2797 

©2005  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road.  West  Kingston.  Rl  02892  USA 


APC's  advanced  power  distribution  units 
distribute,  monitor  and  remotely  control 
power  in  rack  enclosures. 

Now  you  can  remotely  control  power  to 
individual  outlets  and  monitor  aggregate 
power  consumption  via  local  and  remote 
displays.  Access,  configure  and  control  the 
APC  Switched  Rack  PDU  through  Web, 
SNMP  orTelnet  interfaces. 

From  basic  power  distribution  to  controllable 
outlets,  APC  has  solutions  up  to  14.4  kW  to 
fit  your  IT  environment  needs.  See  our  entire 
line  of  rack  PDUs  online  at  www.apc.com. 


Every  product  carrying  this  mark  has  been 
tested  and  certified  for  use  with  InfraStruXure 
architecture.  Before  you  buy,  check  for  the  X  to 
guarantee  product  compatibility. 
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With  over  15  million 
satisfied  customers, 

TM 

APC's  Legendary  Reliability 
guarantees  peace  of  mind. 


A 3 

Legendary  Reliability* 
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m  Instantly 
m  Terabytes  ofText 


images 


‘Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 
and  returns  results  in  less  than  a  second”  —  InfoWorld 

♦  over  two  dozen  indexed,  unindexed,  fielded  data  and  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF,  while  displaying  links,  formatting  and 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet,  email  and 
attachments,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

♦  Spider  supports  static  and  dynamic  Web  content,  with  WYSWYG  hit-highlighting 

♦  optional  API  for  C++,  .NET,  Java,  SQL,  etc.  Ask  about  new  .NET  Spider  API 


DeveloperQuotes  and  Reviews 


pro 


dtSearch  vs.  the  competition: 

“dtSearch  easily  overpowered  the 
document  indexing  and  searching 
abilities  of  other  solutions,  especially 
against  large  volumes  of  documents” 

Reliability:  “dtSearch  got  the  highest 
marks  from  our  systems  engineering 
folks  that  I've  ever  heard  of” 

Results:  “customer  response  has  been 
phenomenal” 

For  hundreds  more  reviews  and  developer 
case  studies,  see  www.dtsearch.com 

Contact  dtSearch  for  fully-functional 
evaluations 


‘For  combing  through  large  amounts  of 
data,  dtSearch  ...  leads  the  market” 

—  Network  Computing 

‘Blindingly  fast”  —  Computer  Forensics: 
Incident  Response  Essentials 

‘Super  fast,  super-reliable” 

—  The  Wall  Street  Journal 

‘A  powerful  arsenal  of  search  tools” 

—  The  New  York  Times 

‘Powerful  Web-based  engines”  —  eWeek 
‘Blazing  speeds” 

—  Computer  Reseller  News  Test  Center 

‘The  most  powerful  document  search  tool 
on  the  market”  —  Wired  Magazine 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


r 


networkTAPs 


TAP  Into  Your  Network 


Only  a  TAP  can  provide  a  complete  copy  of  data  from  full-duplex  links  at  line  rate  for 
monitoring  devices.  Without  a  TAP,  a  monitoring  device  may  be  fed  incomplete  and 
misleading  information-creating  false  positives  and  overlooking  network  problems 
that  actually  do  exist.  Visit  www.networkTAPs.com/visibility  today. 


Copper  nTAPs 

10/100 . ..$395 

10/100/1000 . .$£#.....$795 


Copper  to  Optical 
Conversion  nTAPs 

SX  or  LX . $1,495 


Optical  nTAPs 

One-Channel . $395”  ....$295 

Two-Channel . $79tf....$575 

Three-Channel  ....$VH?5\...$845 

I 


I 
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To  learn  more  about  how  nTAPs  can  boost  your  network  visibility,  which  configuration  option 
is  best  for  you,  and  to  check  out  new  pricing  go  to  www.networkTAPs.com/visibility 
or  call  866-GET-nTAP  today.  Free  overnight  delivery.* 


F€  C€ 


‘Free  overnight  delivery  on  all  Ui.  orders  over  $295  confirmed  before  12  p.m.  Central  Time. 
aTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 
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1.408.727.1122 

mfo@recurrent.com 
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3431  De  La  Cruz  Blvd,  Santa  Clara,  CA  95054 


yeuowwcker 

802.1  Ibg  W-LAN  ANALYZER 

►  2.4  GHz  (802.11b  &  g)  SPECTRUM  ANALYSIS 

>■  Locate  hackers  and  rogue  AP’s 
>■  Pinpoint  specific  interference  sources 
>•  Install  &  secure  Wi-FI  networks 


Yellowjacket* 
Hive  screen 


Yellouijacket®  Hive 
Software 

Site  Initiator/Supervisor/ 
Investigator  indoor/outdoor 
mapping  W-LAN  coverage 
solution 


Berkeley  Varitronics  Systems  Mftucheh,  NJ  08840 

(732)548-3737  www.bvsystems.corn 
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times  that  I  took  the  exam.” 

Sequeira  passed  the  lab  exam 
in  January  joining  the  ranks  of 
12,967  network  engineers  who 
have  aced  the  grueling  hands-on 
test. 

For  most,  passing  the  CCIE  lab 
exam  requires  studying  as  many 
as  1,000  hours  and  maintaining  a 
laser-like  focus  that  leaves  spous¬ 
es,  children  and  hobbies  by  the 
wayside. The  lab  exam  also  costs 
big  bucks,  with  the  purchase  of 
workbooks,  preparatory  courses, 
racks  of  Cisco  equipment,  exam 
fees  and  travel  reaching  as  high 
as  $20,000. 

The  lab  exam  is  so  difficult  that 
it  has  taken  on  mythic  propor¬ 
tions  in  the  network  industry 
CClEs  talk  about  how  physically 
taxing  the  process  is  and  list  it 


Where  CCIEs  work 

Those  passing  the  exam 
are  well  represented  across 
many  industry  segments. 


Small/midsize  business 

5%n 


Enterprises  1 9%  *-  Cisco  26% 


Service 

providers 

15% 


Consulting  firms 

35% 


SOURCE:  CISCO 


among  their  greatest  accomplish¬ 
ments. 

“The  CCIE  was  infinitely  more 
difficult  for  me  than  anything 
else  I’ve  ever  done,”  says 
Sequeira,  a  senior  technical 
instructor  for  Thomson  NETg  in 
Scottsdale,  Ariz.,  who  holds  CCIE 
No.  15626. 

“Everything  1  had  ever  done,  I 
had  excelled  at.  If  you  had  told 
me  that  I  would  fail  the  CCIE  four 
times  before  1  passed  it,  1  would 
have  said  that  was  not  possible,” 
he  says. 

Rus  Healy  was  speechless  when 
Ke  found  out  in  August  2005  that 
he  bad  passed  the  CCIE  lab  exam 
on  his  fourth  try  Healy,  who  holds 
CCIE  No.  15025,  is  program  man¬ 
ager  for  technical  training  and 
certifications  at  Microwave  Data 


GGIE  exam  at  a  glance: 

Number  of  people  who  have  passed:  12,967  (as  of  2/1/2006) 


Number  of  CCIEs  in  the  United  States: 

4,249  (as  of  2/1/2006) 

Pass  rate: 

26%  over  the  13-year 
life  of  the  program 

Average  number  of  times  it  takes  to  pass  the  lab  exam: 

2.5 

Number  of  people  who  take  the  written  exam  each  year: 

12,000 

Number  of  people  who  take  the  lab  exam  each  year: 

8,000 

Number  of  CCIE  books  sold  by  Cisco  Press: 

100,000 

Average  salary  of  a  CCIE: 

$102,000 
(per  TGPmag.com) 

SOURCE:  CiSCO 

Systems  in  Rochester,  N.Y 

“I  got  an  e-mail  from  my  proctor 
saying  congratulations  while  I 
was  at  the  airport  waiting  for  my 
flight  home  from  the  exam,”  Healy 
says.“I  called  my  wife,  and  1  was 
crying. ...  I  have  never  felt  any¬ 
thing  like  it.  It  was  such  an  incred¬ 
ible  feeling  of  achievement.” 

The  CCIE  has  been  considered 
the  most  difficult  certification  in 
the  IT  industry  since  its  launch  in 
1993.  It  has  two  parts:  a  written 
exam  and  a  practical  lab  test.The 
CCIE  is  offered  in  five  tracks:  rout¬ 
ing  and  switching;  security;  ser¬ 
vice  provider;  storage  network¬ 
ing;  and  voice.The  most  popular 
track  is  routing  and  switching. 

“Over  the  life  of  the  program, 
the  overall  pass  rate  has  usually 
been  26%, ’’says  Mike  Reid, senior 
manager  of  CCIE  programs  for 
Cisco,  which  won’t  reveal  the 
pass  rate  for  last  year.  “We  target 
the  material  at  an  expert  level. 
The  pass  rate  is  secondary’ 

The  written  exam,  which  in¬ 
cludes  multiple-choice  and  fill-in- 
the-blank  questions,  is  relatively 
easy,  and  people  usually  pass  it 
on  the  first  or  second  try.  Each 
year  around  12,000  people  take 
the  CCIE  written  exam,  which  is 
available  at  testing  facilities  run 
by  Pearson  VUE  or  Prometric. 

“The  written  exam  is  easier 
because  it’s  in  a  more  traditional 
format,”  Reid  says.  “It’s  a  theory 
exam.  People  generally  try  to 
study  for  it  by  sitting  down  with  a 
book  and  reading  it.You  can’t  do 
that  with  the  lab  exam  because 
you  need  hands-on  practice.” 

Network  engineers  must  pass 
the  written  exam  before  they  are 
eligible  to  take  the  lab  exam, 
which  is  available  at  10  Cisco 
facilities  worldwide.  Around  8,000 
people  take  the  CCIE  lab  exam 
each  year.  One  person  has  taken 
it  19  times  and  still  hasn’t  passed. 

The  lab  exam  is  difficult  be 
cause  it  tests  practical,  problem¬ 
solving  skills.Test  takers  have 
eight  hours  in  the  lab  to  properly 
configure  and  troubleshoot  Cisco 
network  gear. They  need  to  get 
80%  of  the  possible  points  to 
pass. 

Passing  the  lab  exam  requires 
hands-on  experience,  speed  and 
the  ability  to  remain  calm  in  the 
face  of  extreme  pressure. 

“On  my  third  and  fourth 
attempts,  I  had  the  knowledge 
but  I  simply  didn’t  have  the 
speed,  the  task  analysis  and  the 
troubleshooting  skills,”  Sequeira 
says.“When  you  have  a  problem 


in  your  rack,  you  can’t  take  15 
minutes  to  find  it.You  literally 
should  be  able  to  find  and  fix 
that  problem  within  minutes.” 

Network  engineers  who  pass 
the  CCIE  exam  get  a  designated 
number  to  use  on  business  cards 
and  e-mail  signatures.They  also 
receive  a  plaque  from  Cisco  and 
are  eligible  to  purchase  CCIE 
office  items  and  apparel.  Cisco 
sponsors  online  forums  for  CCIEs 
and  automatically  routes  them  to 
more  experienced  technical  sup¬ 
port  staff. 

CCIEs  need  to  renew  their  certi¬ 
fications  every  two  years  by  tak¬ 
ing  a  written  exam.  But  they 
never  have  to  take  the  dreaded 
lab  exam  again. 

It’s  rare  to  pass  the  CCIE  lab 
exam  on  the  first  try  But  that’s 
what  happened  to  Wendell 
Odom,  who  holds  CCIE  No.  1624. 
He  passed  the  exam  in  1995  after 
studying  for  one  day 

“I  had  the  perfect  job  to  pre¬ 
pare  you  to  pass  the  exam,”  says 
Odom,  who  works  as  a  senior 
instructor  for  Skyline  Advanced 
Technology  Services  in  Camp¬ 
bell,  Calif.  “I  taught  all  of  the 
classes  that  Cisco  recommended 
at  the  time  you  take  for  the  CCIE. 

I  also  did  consulting  work  for 
enterprises.” 

Odom  says  he  was  lucky  to  get 
an  exam  that  focused  on  IBM 
protocols,  which  he  knew  well. 
The  test  was  so  easy  for  him  that 
he  finished  the  build  portion  of 
the  exam  an  hour  and  a  half 
early 

“I  could  have  shown  up  on  the 
next  day  and  gotten  an  exam 
that  focused  on  DEC  or  Apple 
protocols,  and  I  wouldn’t  have 
passed,”  Odom  says. 

Most  CCIEs  have  to  work  harder 
than  Odom  did  to  pass  the  lab 
exam. 

Robert  Yee  studied  five  or  six 


hours  each  night  and  16  hours 
per  day  on  the  weekends  in  the 
months  leading  up  to  taking  the 
lab  exam.  He  bought  a  rack  of 
Cisco  equipment  and  set  it  up  in 
his  house.  He  took  a  week  off  of 
work  and  attended  a  CCIE  boot 
camp.  He  passed  the  lab  exam  in 
May  2003  on  his  second  try 

“The  last  month,  my  studying 
was  very  intensive,”  says  Yee,  who 
now  is  the  manager  of  network 
engineering  for  J2  Global  Com¬ 
munications  in  Los  Angeles.Yee 
had  nine  years  of  IT  experience, 
including  four  years  of  operating 
Cisco  routers,  switches  and  fire¬ 
walls,  before  he  decided  to  take 
the  exam. Yee  is  CCIE  No.  11716. 

Yee  says  his  wife  Sara,  an  insur¬ 
ance  agent,  was  supportive  dur¬ 
ing  the  months  he  was  studying 
for  the  exams.“She  knew  this  was 
a  big  test,  and  if  I  could  pass  this 
it  would  be  a  big  deal,”  he  says. 

Yee  estimates  he  spent  $16,000 
on  the  CCIE  exam,  including 
Cisco  equipment,  the  boot  camp 
class,  books  and  exam  fees.  His 
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employer  at  the  time  didn’t  reim¬ 
burse  employees  for  CCIE-related 
expenses  or  give  bonuses  for 
passing  the  test. 

“It’s  a  big  investment,  but  I  knew 
it  was  an  investment  in  myself 
and  my  family/ Yee  says. 

Test  takers  receive  e-mail  notice 
within  48  hours  that  they  have 
passed  or  failed  the  exam.  People 
respond  to  passing  the  test  in  dif¬ 
ferent  ways.  Many  burst  into 
tears.  Others  get  drunk.  Most  cele¬ 
brate  with  their  loved  ones. 

“My  favorite  experience  as  a 
proctor  in  the  CCIE  exam  lab  is 
one  guy  who  before  he  took  the 
exam  showed  me  that  he  had  an 
engagement  ring  in  his  pocket,” 
says  Kathe  Saccenti,  product 
manager  for  CCIE  programs  at 
Cisco.  “He  said  that  when  he 
passed  the  exam  his  next  step 
was  engagement.” 

Maurilio  Gorito,  a  customer  sup¬ 
port  engineer  with  Cisco’s  CCIE 
program,  took  a  20-day  vacation 
in  his  native  Brazil  with  his  family 
after  passing  the  lab  exam.  Gorito 
spent  eight  months  studying  as 
much  as  40  hours  per  week  to 
pass  the  written  and  lab  exams. 
He  took  the  written  exam  five 
times  and  passed  it  in  December 
1997.  He  took  the  CCIE  lab  exam 
twice  and  passed  it  in  June  1998. 

‘After  I  passed,  my  wife  got  a  lit¬ 
tle  sick  from  all  the  effort  she  did 
while  I  studied,”  says  Gorito,  who 
holds  CCIE  No.  3807.  “I  had  put 
my  sons,  who  were  7  and  8  at  the 
time,  aside.  We  needed  to  take 
some  time  together  and  relax  as 
a  family 

Passing  the  exam  means  pres¬ 
tige  and  money  for  most  network 

See  CCIE,  page  67 
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Open  season 


Commercial  vendors  are  backing  open  source  in  a  big  way,  snapping  up  open  source  companies 
and  releasing  free  versions  of  their  own  software.  A  look  at  some  recent  activity: 


January 

Sun  opens  Solaris,  its  version  of  Unix. 

May - 


IBM  acquires  open 
source  infrastructure 
software  firm  Gluecode. 


November - 

IBM  releases  a  free  version 
of  its  WebSphere  application 
server,  incorporating  open 
source  technology  it 
acquired  with  Gluecode. 


Jan.  30 

IBM  releases 
a  free  version 
of  DB2. - 1 


2005 


October - 

Check  Point  announces  plans  to  acquire  open  source 
intrusion-detection  software  vendor  Sourcefire. 


J 


J 


2006 


December 

Sun  says  it  will  release  its  entire 
Java-based  middleware  stack  to 
the  open  source  community. 


-  Feb.  6 

VMware  releases  VMware 
Server,  a  free  version  of  its 
server  virtualization  software. 

:□ 

^ —  Feb.  14 

Oracle  buys  open  source 
database  vendor 
Sleepycat  Software. 


Open  source 

continued  from  page  1 

company  in  Quincy  Mass.“One  of 
the  main  reasons  that  CitiStreet 
likes  to  deal  with  vendors  such  as 
JBoss  is  that  our  senior  technical 
staff  can  deal  with  their  technical 
staff,  instead  of  having  to  deal  with 
useless  layers  in  between,” he  says. 
“We  don’t  buy  software  because 
of  fancy  brochures  or  well- 
dressed  sales  staff.  We  buy  soft¬ 
ware  to  gain  benefit  from  great 
programmers.” 

Another  concern  with  commer¬ 
cial  vendors  acquiring  open 
source  companies  is  the  possibili¬ 
ty  that  the  software  could  be 
applied  to  enhance  proprietary 
products. 

“The  question  that  customers 
need  to  pay  attention  to  is  what  is 
going  to  happen  to  the  code  that 
was  open  source,” says  Bob  Igou,a 
research  director  at  Gartner.“Does 
it  remain  open  source?  Is  the 
acquiring  company  going  to 
make  sure  it’s  even  better  tested 
and  quality  assured  and  provide 
services  around  it?  Or  are  they 
worst  case  going  to  cannibalize  it 
and  integrate  it  into  something 
else  they’re  doing  and  in  a  sense 
the  open  source  product  goes 
away?” 

It  remains  to  be  seen  how  these 
acquiring  vendors  will  treat  their 
new  open  source  assets.  Users  are 
watching  with  caution. 


“It’s  a  bit  too  early  to  know 
whether  [this  trend]  will  be  bene¬ 
ficial,”  says  Corey  Ostman,  director 
of  new  technology  initiatives  at 
PriceGrabber.com  in  Culver  City 
Calif.  “One  of  the  biggest  chal¬ 
lenges  would  be  if  these  commer¬ 
cial  companies  morph  the  [open 
source]  products  in  such  a  way 
that  they  no  longer  offer  leading- 
edge  technologies.” 

Even  if  that  does  happen, 
Ostman  says  he  is  convinced  that 
the  open  source  community  like¬ 
ly  will  develop  alternatives  to  fill 
the  gap. 

“The  open  source  marketplace 
has  always  been  competitive  and 
dynamic,”  he  says. 

It’s  that  kind  of  innovation,  cou¬ 


pled  with  growing  corporate 
interest,  that  is  driving  commer¬ 
cial  vendors  to  take  a  closer  look 
at  their  open  source  counter¬ 
parts. 

“The  jig  is  up  for  commercial 
vendors,”  says  Richard  Monson- 
Haefel,  a  senior  analyst  at  Burton 
Group.“They’re  discovering  that  in 
certain  cases  open  source  soft¬ 
ware  is  basically  pulling  the  rug 
out  from  under  them  by  com¬ 
moditizing  the  market.” 

“They’ve  tried  to  resist  . . .  origi¬ 
nally  by  spreading  fear,  uncer¬ 
tainty  and  doubt,  and  then  by 
challenging  the  quality  of  the 
software.  But  now  they’re  buying 
the  companies  that  are  sponsor¬ 
ing  the  [open  source]  work,”  he 
says. 

Gartner  predicts  that  by  2010, 
software  vendors  that  don’t  incor¬ 
porate  open  source  software  into 
their  products  risk  becoming  un¬ 
competitive  because  of  the  cost 
associated  with  relying  on  in- 
house  engineering  resources. 

Part  of  the  allure  for  commercial 
vendors  is  the  opportunity  to 
attract  more  developers  with  low- 
cost,  open  products,  with  the  hope 
of  driving  business  upstream  into 
more  robust  —  and  expensive  — 
offerings  for  broader  production 
deployments. 

“What  the  vendors  are  trying  to 
do  here  is  they’re  trying  to  find  a 
foothold  in  a  market  that  is  chang¬ 
ing  rapidly  and  substantially?’ 
Monson-Haefel  says.  “And  they’re 
also  trying  to  find  ways  in  which 
to  guide  people  who  are  adopting 
open  source  to  their  commercial 
offerings  as  they  look  for  more 
robust  and  sophisticated  plat¬ 
forms.” 

For  that  reason,  some  industry 
watchers  say  open  source  prod¬ 
ucts  are  in  good  hands  when 


acquired  by  responsible  commer¬ 
cial  software  makers. 

“It’s  just  not  in  their  interest  to 
destroy  the  community  or  stifle 
the  ongoing  development,”  says 
Tony  Wasserman,  executive  direc¬ 
tor  of  the  Center  for  Open  Source 
Investigation  at  Carnegie  Mellon 
University’s  campus  in  Moffett 
Field,  Calif. 

As  in  any  vendor  acquisition, 
some  purchasers  will  be  better 
shepherds  than  others,  Wasser¬ 
man  says.  “Acquisitions  tend  to 
work  or  not  work  —  in  both  the 
commercial  and  open  source 
world  —  based  on  what  the 
acquirer  does,”  he  says. 

Joel  Snyder,  senior  partner  at 
consulting  firm  Opus  One  and  a 
Network  World  Lab  Alliance 
member,  sees  lots  of  potential  in 
open  source  vendor  acquisi¬ 
tions.  “Companies  should  be 
happy  when  they  see  a  big  name 
behind  an  open  source  project, 
because  it  generally  means  more 
and  better  support,  rather  than 
less,”  he  says. 

To  some  extent,  the  trend  is 
inevitable.“Really  solid  enterprise 
software  always  seems  to  need 
some  commercial  backing,” 
Snyder  says.  Some  of  the  most 
significant  open  source  projects 
—  Linux,  BIND,  MySQL  and 
Sendmail  —  are  where  they  are 
largely  because  of  corporate  dol¬ 
lars  being  poured  into  them,  he 
says. 

After  all,  altruism  alone  isn’t 
going  to  sustain  software  develop¬ 
ers  who  have  to  make  a  living, 
Snyder  says.’The  reality  is  that  the 
two  —  commercial  and  open 
source  —  actually  thrive  better  to¬ 
gether  than  they  do  separately  he 
says. 

Bob  Hecht  is  aware  of  the  poten¬ 
tial  for  open  source  players  to  get 


purchased,  but  that  doesn’t  deter 
him  from  depending  on  open 
source  software  for  mission-criti¬ 
cal  systems  at  his  company, 
Informa. 

“One  of  the  biggest  risks  that 
companies  have  in  purchasing 
open  source  software  is  success,” 
says  Hecht,  who  is  vice  president 
of  content  strategies  at  the  Lon¬ 
don  firm  that  produces  publica¬ 
tions,  events  and  data  services 
worldwide.  “Success  means  that 
somebody  is  going  to  end  up 
offering  somebody  a  lot  of  money 
to  buy  it  out.” 

Informa  runs  a  full  Linux  stack 
for  many  of  its  front-end  applica¬ 
tions,  and  it  has  embedded 
Apache’s  Lucene  search  engine 
in  dozens  of  applications,  Hecht 
says.  It  has  tinkered  with  Liferay’s 
portal,  and  it’s  getting  ready  to 
go  live  with  its  first  deployment 
of  Alfresco  Software’s  open 
source  enterprise  content  man¬ 
agement  software. 

In  addition,  lnforma  is  preparing 
to  deploy  a  multimillion-dollar 
content  delivery  platform  that 
uses  a  MySQL  repository  he  says. 

“I’m  comfortable  in  saying  that 
if  we  build  something  on  an 
open  source  platform  and  it  gets 
bought,  it’s  ours  anyway  he  says. 
“The  implication  is  for  future 
development,  but  open  source 
has  a  way  of  living.  It  finds  a  way” 

To  prepare  for  a  scenario  in 
which  development  or  support 
for  an  open  source  application  is 
cut  off,  Hecht  makes  sure  In¬ 
forma’s  internal  development  staff 
is  skilled  with  the  product.  “We 
look  at  it  as  a  reason  to  get  as 
familiar  and  capable  with  this 
platform  as  we  possibly  can  so 
that  we  essentially  secure  our 
future.  If  we  do,  then  we  immunize 
ourselves  from  potential  prob¬ 
lems  like  that,”  he  says. 

Regardless,  the  commercial  in¬ 
terest  in  open  source  should  send 
a  message  to  IT  buyers  that  open 
source  is  here  to  stay 

“If  you’ve  had  doubts  that  open 
source  is  mainstream  today  the 
amount  of  money  being  thrown 
around  here  should  make  you 
believe  this  is  not  just  a  flash  in 
the  pan,"  says  Michael  Goulde,  a 
senior  analyst  at  Forrester  Re¬ 
search.  “It  should  be  something 
you’re  considering,  if  you’re  not 
already® 
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engineers.  Cisco  says  that  80%  of  the  network  engineers  who  pass 
report  increased  status  on  the  job,  while  75%  get  cash  rewards,  accord¬ 
ing  to  a  survey  taken  in  2004. 

Odom  raised  his  consulting  rates  by  25%  after  passing  the  CCIE 
exam.  He  also  became  one  of  the  best-selling  authors  for  Cisco  Press, 
writing  books  that  help  others  pass  the  CCIE  exams. 

“No  one  ever  gave  me  pushback  on  my  rates,”  Odom  says.The  exam 
“translated  into  real  dollars  for  me.” 

Network  engineers  who  have  passed  the  exam  say  it  is  worth  the 
time,  money  and  personal  sacrifice. 

Gorito.who  was  among  the  first  15  CCIEs  in  Brazil,  immediately  start¬ 
ed  getting  job  offers  after  passing  the  exam.  He  joined  NCR  and 
worked  in  New  York  supporting  Merrill  Lynch.  From  there  he  joined 
Cisco.  He  wrote  a  book  for  Cisco  Press  about  preparing  for  the  CCIE 
routing  and  switching  lab  exam. 

“For  me,  the  career  impact  was  big,”  Gorito  says. “When  you  finish  the 
process,  you  have  learned  so  much  that  you’re  at  a  different  level  of 
knowledge  and  skills.This  is  the  big  win  of  the  CCIE.”  ■ 
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BACKSPIN  Mark  Gibbs 

Demo  and  the  Next  Big  Things 


I  recently  attended  the 
Demo  ‘06  show  in  Phoenix 
and,  while  the  show  is 
hosted  by  Network  World,  I 
can  honestly  say  it  is  one  of 
the  most  exciting  industry  events  I  know.  What  Demo 
shows  is  that  innovation  is  alive  and  well.  Given  that  most 
of  the  700  attendees  were  venture  capitalists,  it  also  shows 
there’s  money  out  there  looking  for  the  Next  Big  Thing. 

What  kind  of  things?  Well,  developments  in  technologies 
and  products.  At  the  50,000-foot  level,  a  Next  Big  Thing  is 
something  that  transforms  markets,  killing  off  the  mori¬ 
bund  or  stagnant  products  and  enabling  the  development 
and  rise  of  new  products  that  often  create  new  technolo¬ 
gy  or  product  ecosystems. 

At  Demo  there  were  two  panels  that  addressed  Next  Big 
Thing  technologies:  Computational  biology,  which  involves 
a  range  of  topics  centered  around  the  intersection  of  com¬ 
puting  as  applied  to  genomics;  and  the  Future  of  security 
which  looked  at  the  challenges  of  security  in  an  increas¬ 
ingly  connected  and  complex  networked  environment. 

The  latter  panel  was  anything  but  good  news,  with 
Hilarie  Orman,  CTO  and  vice  president  of  engineering  at 
Shinkuro, summing  up  the  current  situation  by  saying, 

“The  state  of  security  is  dismal,  absolutely  abysmal.”The 
panel  confirmed  what  we  all  suspect:  Security  won’t  get 


any  easier,  will  probably  get  harder,  the  risks  will  get 
greater  and  then  we’ll  die. 

The  panel  on  computational  biology  was  more  uplifting 
with  a  lot  of  enthusiastic  discussion  about  the  effect  of 
personalized  medicine  and  the  enormity  of  the  tasks  of 
calculating  protein  folding  and  virtual  biology 

In  terms  of  Next  Big  Thing  products,  a  few  demonstra¬ 
tions  at  the  show  have  the  potential  to  make  an  impact 
on  how  we  do  IT  in  the  next  two  or  three  years. 

One  of  my  favorites  was  IPswap  described  as  “a  global 
marketplace  that  allows  people  to  share,  interact,  solve 
problems  and  create  new  solutions.”  IPswap  is  intended  to 
make  it  possible  for  people  who  want  software  and  peo¬ 
ple  who  make  software  to  find  each  other  and  negotiate 
terms  of  engagement  not  only  over  price  but  also  over 
royalties.  While  the  company  seems  to  focus  on  consumer 
projects  (“I  want  this  feature  on  my  iPod  for  $25”),  I  sus¬ 
pect  this  could  become  a  tremendous  corporate  resource 
(“I  want  this  feature  on  my  server  for  $250”). 

Another  company  with  an  interesting  idea  was  Krugle.  It 
offers  a  specialized  search  engine  for  easily  finding  open 
source  code  and  related  technical  information.  Given  that 
interest  in  open  source  is  growing,  this  will  be  invaluable 
to  corporate  developers. 

Avokia  was  at  Demo  showing  ApLive,  a  product  that  max¬ 
imizes  database  availability  by  virtualizing  the  data  layer  to 


support  real-time  transaction  replication  and  load  balanc¬ 
ing  across  multiple  active  synchronized  databases. 

One  of  my  top  picks  of  the  show  was  another  database- 
related  solution  from  Panoratio  Database  Images. 
Panoratio’s  products,  .pdi  Generator  and  .pdi  Explorer,  let 
you,  respectively  take  a  highly  compressed  snapshot  of  a 
database  and  then  view  it. 

Compression  is  achieved  by  applying  several  algo¬ 
rithms  to  datasets  of  as  many  as  2,000  dimensions  with 
as  many  as  100  million  rows!  The  result  is  a  static  data¬ 
base  between  30  and  1,000  times  smaller  than  the  origi¬ 
nal  that  can  be  stored  in  memory  and  searched  with 
remarkable  speed. The  company  showed  a  laptop  sup¬ 
porting  a  database  of  1 10  dimensions  that  covered  every 
play  ever  run  in  the  National  Football  League! 

Just  imagine  being  able  to  distribute  gonzo  databases 
easily  to  the  people  who  need  them  and  not  having  to 
provide  real-time  access  for  anything  but  current  data. 

This  is  the  kind  of  technology  that  will  be  invaluable  in 
data-intensive  fields  such  as  medical  research,  demo¬ 
graphic  surveys  and  Web  analytics. 

The  Next  Big  Things  are  out  there,  rushing  towards  us, 
and  Demo  is  the  place  to  find  them. 

What  do  you  think  will  be  the  next  Big  Thing?  Tell  back 
spin  @gibbs.  com. 
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News,  insights  and  oddities 


Wikipedia  is  a  wonderful  resource,  but . . . 


Paul  McNamara 


What’s  not  to  like  about  Wikipedia.  Almost  1  million 
articles  strong  in  the  English  version,  this  immensely 
popular  site  has  become  a  go-to  resource  for  ’Net  users 
doing  research  for  school,  work  or  fun. 

What's  not  to  like,  though,  is  that  Wikipedia  —  the  self-proclaimed  “free  encyclopedia 
that  anyone  can  edit"  —  cannot  be  trusted  to  have  its  facts  straight.  Wikipedia  can’t  be 
trusted  expressly  because  anyone  can  edit  it  —  worse  yet,  anyone  can  edit  it  under  the 
cloak  of  anonymity.  And  anyone  too  often  includes  vandals  and  pranksters. 

It's  a  combination  that  makes  trust  all  but  impossible,  no  matter  how  otherwise  valu¬ 
able  the  site  may  be  on  any  other  score  —  and  I  say  that  as  an  admirer.The  wonders 
and  flaws  of  Wikipedia  were  detailed  last  week  in  a  two-part  series  in  The  Boston 
Globe  (www.nww.com,  DocFinder:  2254). 

The  most  notorious  example  ofWiki-mischief  recounted  involved  a  retired  Tennessee 
newspaper  publisher  whose  Wikipedia  profile  was  altered  to  falsely  implicate  him  in 
the  assassinations  of  John  and  Robert  Kennedy.The  Wiki-powers  that  be  did  what  they 
could  to  undo  that  libel  and  have  promised  to  do  a  better  job  of  policing  the  site,  but 
that’s  small  comfort  to  the  man  whose  reputation  was  besmirched.  _ 

Perhaps  more  troubling  from  the  standpoint  of  trustworthiness  is  the 
less  conspicuous  shenanigans  and  mistakes  that  plague  the  site.  For 
example,  dozens  of  members  of  Congress  have  had  theirWikipedia  pro¬ 
files  scrubbed  clean  of  embarrassing  facts  by  eager- beaver  staffers. 

you  just  never  know  what  you’re  going  to  get  there.  Let’s  say  you're 
looking  for  biographical  information  about  Bill  Gates  and  Wikipedia  tells 
yo<  that  "during  his  brief  stint  at  Harvard,  Gates  pledged  to  the  Phi 
Gamma  Delta  fraternity.” 

Would  you  think,  "I  didn’t  know  Gates  was  FIJI?”  or  “Hey,  look,  Wiki- 
pedia  has  Gates  in  there  with  Bluto,  Otter  and  the  rest  of  the  Animal 
house  gang." 


RECENTLY  IN  BUZZBLOG 
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All  you  need  to  see  what’s  wrong  with  a  Wikipedia  entry  is  a  firm  grasp  of  the  facts 
yourself.  My  search  the  other  day  took  me  to  a  Wikipedia  article  on  a  subject  about 
which  I  am  quite  familiar:  The  MetroWest  Daily  News  is  a  small  newspaper  in 
Framingham,  Mass.  According  to  the  brief  Wikipedia  article  about  it:  “The  current  name 
is  the  third  in  the  newspaper's  history.  Initially,  it  was  known  as  The  South  Middlesex 
Daily  News,  but  later  was  changed  to  The  Middlesex  Daily  News." 

Actually,  its  current  name  is  the  sixth  in  the  paper's  post-1900  history,  most  of  which 
was  spent  doing  business  as  The  Framingham  News.  Any  longtime  Framingham  resi¬ 
dent  older  than  50  could  have  told  you  so.  (Yes,  I  fixed  the  article.) 

Wikipedians  and  their  fans  will  argue  that  whatever  ails  their  baby  is  little  different,  if 
at  all,  from  the  well-publicized  ills  of  the  mainstream  media:  botched  reporting,  biased 
writing  and  outright  falsif ications.They’ll  argue  that  the  benefits  of  wiki  collaboration 
far  outweigh  any  flaws. 

None  of  that  gets  them  around  the  issue  of  trust. 


Meanwhile,  back  at  Buzzblog 

Many,  many  thanks  to  all  of  you  who  have  taken  the  time  to  check 
out  my  new  blog  called  Buzzblog  —  DocFinder:  1031.  Your  support¬ 
ive  e-mails  and  blog  posts  have  been  energizing  as  I  slog  my  way 
through  the  learning  curve  that  comes  with  this  endeavor. 

In  conjunction  with  the  blog,  I  am  assembling  an  e-mail  distribution 
list  of  readers  who  are  willing  to  be  pinged  from  time  to  time  —  not 
often  —  when  I  perceive  the  need  to  draw  on  expert  opinion  or  poll  the 
group.  We'll  come  up  with  some  kind  of  cute  name  —  Buzzblog  Buddies, 
the  Buzzblog  Brigade,  or  maybe  something  that  doesn’t  suck.  If  you're 
interested  in  being  part  of  the  list,  please  drop  me  a  line. 


The  address  is  buzz@nww.com. 
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Digital  City  Expo  is  designed  to 
meet  the  needs  of  community  leaders 
responsible  for  determining  their 
community’s  “Digital”  future. 

These  community  leaders  include: 

•  Mayors  and  City  Council  Members 

•  IT  Directors 

•  City  Managers 

•  Economic  Development  Directors 

•  Public  Safety  Officials 

•  Many  Others... 


Learn  how  you  can  help  your  community’s  economic  future  at 


Connecting  America’s  Communities 

Washington  DC  April  25-26,  2006 


www.digitalcityexpo.com 
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where  information  lives’ 


When  information 
comes  together, 
everybody  feels 
much  better. 


....  •  ■. 


Information  lives  at  El  Camino  Hospital.  A  leading  California  medical  facility,  El  Camino  Hospital  received  the  highest  ranking  in  a  recent  patient  survey. 
But'they  never  rest  in  their  mission  to  use  information  technology  to  help  them  improve  patient  care.  So  they  turned  to  EMC  to  build  a  flexible  informa¬ 
tion  infrastructure  that  reduces  costs  and  provides  fast,  reliable  information  to  doctors  and  nurses.  So  everybody  feels  much  better.  Talk  to  EMC  or  your 
■••>Vvs. 

EMC  Velpcity2  Partner  about  EMC  solutions  that  start  simple  and  stay  simple. 


Read  the  El  Camino  Hospital  profile  at  www.EMC.com/ElCamino  or  call  866-796-6369  to  learn  more 
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